If the credit-report service is going to pay an appropriate price for its massive consumer-data breach, action will need to be taken against the stock
“Equifax will not be defined by this incident but rather by how we respond,” Equifax Inc. Chief Executive Richard Smith predicted Thursday.
He was right. Equifax’s reaction to a data breach that potentially revealed personal data on two-thirds of American adults has defined the company, in popular opinion and on Wall Street. Poorly executed and reeking of impropriety, the response to the company’s failure to perform its most basic task warrants a pummeling of Equifax’s stock EFX, +2.51% and should spur additional federal regulatory scrutiny to protect consumers.
Equifax exists solely to securely collect and provide data on consumers, yet it was forced to announce last week that unknown attackers enjoyed nearly two months’ worth of access to some parts of the Equifax network, potentially with access to data on 143 million Americans.
“This is not like the equivalent of someone robbing a bank,” said Venky Ganesan, a managing director with Menlo Ventures, referring to the volume and types of data gathered by Equifax. “It is like robbing the Federal Reserve.”
In response, CEO Davis took to YouTube to announce the “unprecedented step” of offering all American consumers free credit-monitoring services — from Equifax’s own subsidiary — and to say that the company had “opened a special call center and launched a dedicated website to provide consumers with the information they need to manage their personal situation.”
The call centers answering Equifax’s calls did not seem to know anything about the hack when consumers began calling immediately after executives announced the breach, though. While the website informed some consumers their data had been accessed and cleared others who were willing to provide portions of their social-security numbers, many users received no answer other than being told to continue enrolling in Equifax’s TrustedID credit-monitoring program. Hours later, they would learn that TrustedID’s terms of service could strip them of their right to sue.
As consumers frantically tried, and failed, to find out whether their information was in danger, Equifax did not respond to such basic media inquiries as this: “What does a nonanswer on your website mean?” Revelations that three top executives, including the chief financial officer, had executed unplanned stock sales worth a total of $1.8 million after the breach was discovered but before it was announced only added to the fallout.