Equifax haunted by cyber attack as costs, lawsuits increase
Equifax Inc.’s massive data breach is proving costly.
Extra spending on security and lawyers in the wake of the hacking helped push third-quarter operating expenses to the highest on record, the Atlanta-based company said Thursday in a statement. The company also said it’s facing more than 240 class-action lawsuits and more than 60 regulatory or governmental inquiries.
Chief Executive Officer Paulino do Rego Barros, who took over in September when Richard Smith was felled by the scandal, has said that security spending surged fourfold since the hack was discovered. The firm said it installed vulnerability-detection tools and hired consultants to improve cybersecurity this year.
“We recognize that we have an important journey in front of us to regain the trust and confidence of consumers and our business customers,” Barros said in Thursday’s statement.
Equifax said it incurred $27.3 million of costs related to the incident last quarter. Total operating expenses rose 15 percent from a year earlier to $681.9 million.
The company also recorded a $56 million liability related to costs to provide free credit monitoring, and said those expenses could climb to $110 million. The global consumer business, which sells credit-monitoring and identity-protection tools, posted little change in revenue. Equifax has agreed to provide the TrustedID Premier credit monitor to all U.S. consumers free for one year.
Equifax announced on Sept. 7 that hackers accessed data including Social Security numbers, driver’s license numbers and addresses for 145 million Americans. The breach attracted scrutiny from lawmakers in Washington and criticism from consumers and banks, igniting a debate about the role credit bureaus play in lending.
Among the regulatory inquiries that hadn’t previously been reported were investigations from offices of 50 state attorneys general, the Financial Industry Regulatory Authority, and the New York Department of Financial Services.
Equifax also said many customers of the U.S. Information Solutions business, which are largely financial institutions, are requiring the credit bureau to perform security audits of its systems. Any negative audit results could result in a loss of customers, Equifax warned in the filing.
“Certain of our customers have determined to defer new contracts or projects unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain,” Equifax said.
Equifax shares dropped 1.2 percent to $107.65 at 4:47 p.m. in late New York trading after the announcement. It has slumped 24 percent since the hack was disclosed.
Equifax executives are scheduled to take questions from analysts during a conference call on Friday at 8:30 a.m. in New York.
Net income dropped to $96.3 million, or 79 cents a share, from $132.8 million, or $1.09, a year earlier, according to the statement. The company said its adjusted earnings per share were $1.53. The average estimate of 14 analysts surveyed by Bloomberg was for adjusted profit of $1.49 a share. Third-quarter revenue climbed 3.8 percent to $834.8 million, missing the $847 million average estimate of 13 analysts surveyed by Bloomberg. U.S. Information Solutions, the firm’s largest unit, where Equifax houses its flagship credit database, said revenue dropped 3 percent. That database wasn’t affected by the breach, Equifax has said.