In 2017, Equifax fell victim to the largest hack in US history, exposing the sensitive information of almost 150 million people, including credit card information, social security numbers, drivers’ licence numbers and more. Almost two years later the company is still seeing the consequences of the breach, reaching a deal recently to pay out at least $650 million to state and federal regulators to settle related lawsuits.
Lawsuits and fines are not the only costs companies may face after a data breach. Data breaches can have less obvious impacts, too, that can last for months or even permanently. According to recent research from PCI Pal on the effects of data breaches on US consumer trust and purchasing decisions, 62 percent of consumers claimed they would stop spending with an organisation for several months in the event of a breach, and 21 percent said they’d avoid the company forever. This represents a significant potential revenue loss in both the short and long term.
In the case of Equifax, the company has seen a decline in net income and stock price as it works to regain consumer trust, underscoring the negative consequences faced by organisations that aren’t immediately transparent about a breach and aren’t communicative about the steps it plans to take to resolve the issue.
Fortunately, a company’s actions following a breach can help to minimise the financial penalties it may experience and help to earn back consumer trust. According to our research, 41 percent of US consumers want businesses to admit responsibility and invest in improving its security efforts after a breach. Additionally, 26 percent want a third party to confirm the company’s ecosystem is safe, and 21 percent want a company to announce PCI or GDPR compliance to earn back their trust.
In an attempt to recover from the fallout, Equifax took a number of steps toward rebuilding customer trust, including offering a year of free credit monitoring services. However, it was criticised for how long it took to notify customers of the breach, issues with the website it rolled out for customers who may have been impacted, and lack of security policies in place to prevent the breach. Furthermore, the company has not publicly disclosed new security practices or validations following the breach. In order for Equifax to minimise the negative impact to its reputation, the company will have to invest in security and provide full visibility into its remediation efforts.
Equifax should serve as a wakeup call for all business leaders, and it should motivate them to have a contingency plan in place ‘just in case’. A good starting point is to invest in technologies like PCI Pal’s solutions, which ensure your customers’ sensitive financial information is never at risk, and can help reassure your customers in the event of a data breach. Contact us today to learn more.