Coverage: Equifax earnings drop amid costs from data breach

Equifax has incurred $87.5 million of expenses stemming from a giant data breach this year and faces dozens of government investigations as a result.

Stacy Cowley of The New York Times had the news:

Equifax disclosed in September that attackers had used a flaw in its website software to extract the personal information of as many as 145.5 million Americans. The stolen data included names, Social Security numbers, birth dates, addresses and driver’s license numbers.

The company has been reeling ever since. Equifax said Thursday that its third-quarter profits fell to $96.3 million, down 27 percent from the same period last year.

Skittish corporate customers have delayed some projects until the company can prove that its systems are secure, Equifax said in a regulatory filing Thursday. Many have asked for security audits, the company said.

While Equifax’s third-quarter sales increased slightly, to $834.8 million, they fell short of analysts’ expectations.

John McCrank of Reuters reported that some Equifax customers have held back their business:

The company said the breach was already taking a toll on sales.

“We believe that certain of our customers have determined to defer new contracts or projects unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain,” it said in the SEC filing.

Equifax needs to do a better job of communicating whether it believes the hackers are still inside its network, said Mark Rasch, a former U.S. federal cyber-crimes prosecutor who advises businesses on responding to breaches.

“What I want to know is ‘How did they get in?’ and ‘How are they preventing hackers from getting in the future?’ They haven’t answered those questions,” said Rasch.

Hayley Tsukayama of The Washington Post reported the company faces hundreds of class-action lawsuits:

Equifax, the credit reporting firm, is facing more than 240 class-action lawsuits from consumers — in addition to suits from shareholders and financial institutions — over the way it handled a massive data breach that affected 145.5 million Americans.

The lawsuits were detailed in the company’s third-quarter earnings report Thursday, its first since revealing the breach in September. The incident prompted three top officials to leave the company, including former chief executive Richard Smith.

Equifax also said in its filings that it had received subpoenas from the Securities and Exchange Commission, as well as the U.S. Attorney’s Office for the Northern District of Georgia “regarding trading activities by certain of our employees in relation to the cybersecurity incident.” Shortly after news of the breach broke, reports circulated that top officials had sold Equifax stock after the company found out about the breach, but before disclosing it to the public. Equifax said this week that it had cleared its executives of wrongdoing after an internal investigation found that the executives did not personally know about the breach before their stock sales.