Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Businesses Privacy Security

Equifax Tells Investors They Could Be Breached Again - And That They're Still Profitable (nypost.com) 88

"Equifax executives will forgo their 2017 bonuses," reports CNBC. But according to the New York Post, the company "hasn't lost any significant business customers... Equifax largely does business with banks and other financial institutions -- not with the people they collect information on."

Even though it's facing more than 240 class-action lawsuits, Equifax's revenue actually increased 3.8% from July to September, to a whopping $834.8 million, while their net income for that period was $96.3 million -- which is still more than the $87.5 million that the breach cost them, according to a new article shared by chicksdaddy: The disclosure, made as part of the company's quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs of the incident, which saw the company's stock price plunge by more than 30% and wiped out billions of dollars in value to shareholders. Around $55.5m of the $87.5m in breach-related costs stems from product costs â" mostly credit monitoring services that it is offering to affected individuals. Professional fees added up to another $17.1m for Equifax and consumer support costs totaled $14.9m, the company said. Equifax also said it has spent $27.3 million of pretax expenses stemming from the cost of investigating and remediating the hack to Equifax's internal network as well as legal and other professional expenses.

But the costs are likely to continue. Equifax is estimating costs of $56 million to $110 million in "contingent liability" in the form of free credit monitoring and identity theft protection to all U.S. consumers as a good will gesture. The costs provided by Equifax are an estimate of the expenses necessary to provide this service to those who have signed up or will sign up by the January 31, 2018 deadline. So far, however, the company has only incurred $4.7 million through the end of September. So, while the upper bound of those contingent liability costs is high, there's good reason to believe that they will never be reached.

The Post reports that some business customers "have delayed new contracts until Equifax proves that they've done enough to shore up their cybersecurity."

But in their regulatory filing Thursday, Equifax admitted that "We cannot assure that all potential causes of the incident have been identified and remediated and will not occur again."

Equifax Tells Investors They Could Be Breached Again - And That They're Still Profitable

Comments Filter:
  • by Anonymous Coward on Sunday November 12, 2017 @12:39AM (#55533819)

    The fact it still exists shows how corrupt things are.

    • by Opportunist ( 166417 ) on Sunday November 12, 2017 @05:16AM (#55534449)

      This. How is it even possible that they are still operating? Anyone else doing a fraction of what happened there would be in prison forever and his assets gone to compensate the victims. How are they not only still doing business but actually having to think whether to pay their C-Levels a bonus? I.e. how are they even still able to pay a bonus?

      • by gtall ( 79522 ) on Sunday November 12, 2017 @07:08AM (#55534693)

        Easy. There are no laws to prevent companies like EquiFax from sucking up your information and selling it to the highest bidder or having it pilfered by the lowest scum.

        The Republicans are big believers in "business", they won't rein in companies like this. The Libretards believe information wants to be free. The Democrats will write new legislation each year for the next 10 years and still not solve the problem.

        And the problem is: you want a loan or credit, who vouches for your background? There is a market there and it is going to be filled. The only issue is how secure is that information. Hanging the company officials won't stop the information getting pissed away. They'll simply get better lawyers.

        • by Anonymous Coward

          If it's a necessity of business, shouldn't it be something done by a government or heavily regulated non-profit rather than incompetent profit-making entities?

        • Re: (Score:1, Interesting)

          by Anonymous Coward

          The Republicans are big believers in "business", they won't rein in companies like this. The Libretards believe information wants to be free. The Democrats will write new legislation each year for the next 10 years and still not solve the problem.

          I wanted to go on record as a libertarian, offering my opinion on this issue

          I believe that the current concept of "identity theft" needs to change. The banks should be liable for loans issued to the wrong person. The victim should not be responsible for the mista

        • by Blymie ( 231220 )

          Not to mention, as the last 20 years has shown -- the entire Western economy is based upon *credit*. Lending. Borrowing. *Debit*.

          If you decided tomorrow that Equifax couldn't share info. Or, something immediate and drastic was done?

          You'd see massive unemployment, economic crash, you name it.

          No new mortgages. No loans. No new credit cards. Even ongoing credit monitoring would be a concern.

          Equifax and its ilk are in a unique position that every bank, mortgage company, you name it -- relies upon them re

    • The fact that it still exists merely illustrates how badly nerds misunderstand what matters in business survival. As for why Equifax still has any customers, the reason is not corruption and is very simple - the average person is dumb as a brick.

    • I agree! It also shows that massive breaches and any fines that come with it do absolutely nothing to businesses. Are TJX and Target any worse off? Did they now have top notch security in place? As long as even a massive breach is far cheaper for a company than implementing proper security nothing will change. Penalties need to be tied to the number of records breached with a minimum of 1,000$ to be paid directly to the victim. Now that would be more than just a blip on the balance sheet for Equifucks.
  • by rtfa0987 ( 1260014 ) on Sunday November 12, 2017 @12:50AM (#55533847)
    "Equifax admitted that profit declined 28% from a year ago. However, after wiping away the $87.5 million in costs of the data breach for its adjusted earnings metric, Equifax was able to claim a 6% gain in profit and beat average analyst estimates. Equifax’s adjusted earnings are nothing new for it or thousands of other companies. MarketWatch has shown repeatedly how companies use adjusted earnings to make their results appear better than they actually are... the company stripped the charges from a non-GAAP earnings figure that it provided, which allows Equifax to claim that profits are growing even as it takes a hit from the data breach. https://www.marketwatch.com/st... [marketwatch.com]
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Plus of course, look at all the money they saved on IT security!

    • The companies that lay off people deduct severence and other "restructuring" costs from their non-GAAP results as a supposed short-term glitch in their business, even though they are laying off people year after year after year.
  • by D,Petkow ( 793457 ) on Sunday November 12, 2017 @12:53AM (#55533855) Homepage
    Well now that they have revealed those numbers, the class action lawsuit lawyers have a concrete goal for the settlement sums, lmao.
  • It's true (Score:5, Insightful)

    by bobstreo ( 1320787 ) on Sunday November 12, 2017 @01:01AM (#55533885)

    They won't have to factor in the costs of lawyers until later.

    People should ignore the class action suits, and file millions of personal suits, assuming there are sufficient ambulance chasers available to work knowing they'll only be paid if they win.

    • by guruevi ( 827432 )

      That's why class action suits were invented. Individual cases would net maybe $2000 for the victim, which would go 100% to a lawyer and the lawyer would actually lose out between running the paperwork and being in court. Additionally it would clog the justice system even more, resulting in more delays and even higher costs for everyone, including the victim (which pays for it through taxes)

      Class-actions, as shitty as they are, improve the system as a whole, the lawyer gets his pay-day and the victim sees so

      • Every US citizen multiplied by $2,000 would be a pretty good fucking lawsuit to bring them down. Meanwhile they'll just get off with a class action which will amount to a few cents per person automatically opted in even if they don't know it exists.
  • by Arzaboa ( 2804779 ) on Sunday November 12, 2017 @01:22AM (#55533929)

    If these corporations were actually people, they would be feed to the dogs. They prey on people coming and going. They sell and trade information to manipulate people, while gaming the system in their favor. There are plenty of ways to do business without completely disregarding any semblance of privacy.

    --
    "Use the force Luke" - O. W. Kenobi

    • Re:There is no shame (Score:5, Informative)

      by Anonymous Brave Guy ( 457657 ) on Sunday November 12, 2017 @03:13AM (#55534115)

      If these corporations were actually people, they would be feed to the dogs.

      If they do have another event on a similar scale once the GDPR has come into effect in Europe next year, being fed to the dogs might be the least of their problems. The penalties for a major compliance failure can be up to 4% of annual global turnover. Going by the figures mentioned in TFS, it looks like that would wipe out Equifax's entire net income for between one and two quarters. That's just the financial penalty from the regulators in the EU, and doesn't take into account any additional criminal sanctions that member states might choose to impose.

      • That is not enough, if you potentially ruined 325 million peoples lives you wouldn't loose a years income, you would go to jailed for the rest of your life, with no income.

        • That's just the fine that can be imposed by regulators. It doesn't preclude individuals suing for damages in their own rights (and remember that in somewhere like the UK, there's no direct equivalent to class action suits, and typically the loser is going to pay costs for both sides in a civil suit like this). It also doesn't preclude being charged with any criminal offences that member states may wish to create in addition to the regulatory penalties.

          • by Xest ( 935314 )

            "and remember that in somewhere like the UK, there's no direct equivalent to class action suits, and typically the loser is going to pay costs for both sides in a civil suit like this"

            That's no longer true, the legal framework for them went into law this year.

            • Interesting... Given that the UK legal systems don't seem to have the fundamental problem that class actions try to solve in the US, would you mind elaborating a little on what is actually happening here and why?

  • by Anonymous Coward

    You can play the feds like a violin.

  • "Equifax executives will forgo their 2017 bonuses,"

    Corporations are going to treat people like shit until a few CEOs and board members are punished, and not just financially. We've got Guantanamo Bay and it hasn't been at all useful to fight terrorists, so why not start putting these monsters there?

    There is a saying, that "The only way to stop a bad guy with a corporation is a good guy with a gun." I know it sounds a little bit harsh, but it's just not going to stop until something drastic happens.

    I'll te

    • I'll tell you the last thing these corporate jackoffs need is a fat tax cut.

      The last thing they need? As in they'll get the tax cut for dessert at the end of the meal?

    • by gtall ( 79522 )

      Federal, much less, State courts cannot banish some one to Gitmo. And Gitmo isn't large enough even if you could get the legislation through Congress and said legislation is probably unconstitutional.

      Now go back and eat your Cherrios, so you'll grow big and strong and get a law degree.

  • Someone please shoot those wankers already, they're just torturing themselves anymore.

    And even more important, us.

    • by gtall ( 79522 )

      I see. So if someone, say you (to pick and individual at random), gets his tail caught in crack, someone should blow you into the next universe? How civilized of you.

      • If my gross negligence and utter ignorance caused thousands if not millions of people suffering?

        If someone, to pick an individual at random, me, was to handle poisonous gas unsafely and causing a whole city to be evacuated, causing people to suffer and destroying their existence because their homes are now uninhabitable, would you say "oh c'mon, mistakes happen, that's what erasers are for"?

    • Someone please shoot those wankers already, they're just torturing themselves anymore.

      And even more important, us.

      And in their absence, if you're a lender and want to know if your potential customer is a deadbeat you do ... what, exactly?

      • What? Don't you trust the free market, the invisible hand and the intangible foot in the mouth to create a service if there is a market for it?

  • If enough people freeze their credit with Equifax - but not with Experian and Transunion, Equifax will lose customers. I just got a new credit card and my credit is frozen with them. Just had to talk with the card people over the phone.

    • If enough people freeze their credit with Equifax - but not with Experian and Transunion, Equifax will lose customers. I just got a new credit card and my credit is frozen with them. Just had to talk with the card people over the phone.

      That would defeat the purpose of the freeze, which is to protect you. Equifax's breach exposed your data, and if a scammer can just use it to open a credit line with a firm that uses Transunion to check your credit, you've still got a problem. Freeze with EVERYONE.

  • "But in their regulatory filing Thursday, Equifax admitted that "We cannot assure that all potential causes of the incident have been identified and remediated and will not occur again."

    WE SUCK!

  • How convenient the executives sold their shares before it plunged. So why are they still not in jail?
    • How convenient the executives sold their shares before it plunged. So why are they still not in jail?

      Didn't you hear, the company hired the Three Wise Monkeys (other wise known as their own corporate layers) to do an investigation. They went "La, la, la, I can't see or hear you" and exonerated the executives of any wrongdoing.

      Do you really expect the SEC under Trump to actually do anything?

  • Has convinced human resources departments everywhere that there is a correlation between credit scores and reliability - correlation does not imply causation. Furthermore, they've also managed to sell their product to consumers wishing to know what their credit score is. The rake in the money by the millions and the true victims are the plebes of society. Equifax sells their service to banks under the blanket of "helping the bank minimize risks." It is just another case of the 99% butt-raping the 1%.
    • Replace "Human Resource" departments with Accounting and/oe Credit departments, and then you can add a Morgan Freeman "He's right, you know" meme.
  • let me guess $27.1 million on legal fees, $0.1 on investigation and $0.1 on security improvements?
  • Forget the free credit monitoring, that will just tell you that a problem is already underway. Freeze your credit, which keeps anyone from opening a new line of credit, or anyone else from examining your credit. You can briefly unfreeze if necessary to, for example, get a loan or a new card. In some cases freezing and unfreezing can cost you, but that's a lot less hassle than trying to undo a situation that's already begun. I'm optimistic that Congress at some point is going to make the credit agencies free
  • ...the risk/damage.

    Encrypt each user's information with an individual AES256 key. Then perimeter penetration, while still bad, is limited in scope, and while keys like that can be broken, it's expensive at a per-user basis (rather than free for millions of users.)

    This requires a key management system, but they exist today. How do you avoid all the keys being stolen? That's actually vastly simpler and easier than securing the rest of the network. How to keep the thieves from cracking the interfaces/APIs to t

  • If everyone single person put a security freeze on their Equifax account, would it hurt the company?
    • by ELCouz ( 1338259 )
      Then Equifax will not honor account freeze anymore. But the probability of having enough people asking for freezes to hurt the company is low.
  • "Equifax executives will forgo their 2017 bonuses," reports CNBC. But according to the New York Post, the company "hasn't lost any significant business customers... Equifax largely does business with banks and other financial institutions -- not with the people they collect information on."

    "The dope about the dopes is our product, the banks that buy it are our customers. These idiots might be pissed off at at us, but who cares, we don't need their love, just their info." All absolute truths.

    There is some minor hiccups due to law suits. The first line of defense it has is binding arbitration. Since we the public are not really the customers, we have not really agreed to any binding arbitration clause. It is possible the fine pint in our credit application might have some line about binding a

Any sufficiently advanced technology is indistinguishable from a rigged demo. - Andy Finkel, computer guy

Working...