With the announcement that the personal information of 143 million people was lost to hackers coming last Friday, Equifax now face a challenging recovery period as they attempt to respond and rebuild.
Assessing the early impact
A credit report company with data on on more than 820 million consumers and 91 million businesses across the globe, Equifax are one of the largest companies to date to be hit by such a breach.
There was a 14% drop in Equifax’s share price almost overnight as investors cautiously assessed the potential effect of the breach on Equifax’s trading position. US state prosecutors are now set to investigate and attorneys general in New York, Illinois, Massachusetts, Connecticut and Pennsylvania have announced that they will open state investigations into the data breach.
Investors, partners and affected customers will no doubt be looking for answers and Rep Jeb Hensarling, leader of the House Financial Services Commission suggested to the BBC that they need to be forthcoming: “Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers.”
On UK shores, the Information Commissioner’s Office (ICO) has urged Equifax to provide updates to British customers as to the way in which their data has been affected.
Dealing with a data breach
Equifax’s response to the breach has drawn criticism in the media, with Robert Pritchard of the Cyber Security Expert stating to Sky News that the response had been “extremely poor” and that the breach must be considered “an unmitigated disaster”. 40 days had elapsed by the time Equifax informed the public of the breach, while three senior executives sold shares worth nearly $1.8m before the breach had been made public knowledge.
As with any company recovering from a data breach, there was an inevitable community backlash on social media, before Equifax eventually released a tool for customers to check whether their data has been impacted.
— CNN (@CNN) September 9, 2017
To provide support to disgruntled customers, Equifax announced that it had tripled the size of the call center team to over 2,000 agents but has not been as quick in disclosing the cause of the data breach or the reasons behind the public being kept in the dark for over a month.
It remains to be seen whether Equifax had put in place the data security best practice outlined within PCI DSS. If you are concerned that your business may not be doing all it can to safeguard against these attacks, utilising PCI compliant secure payment technology is a huge step in the right direction. Get in touch with our secure payment experts to discuss how to achieve PCI compliance today.