Dealing with Bad (Equi)Fax - What Can Your Company Do Differently?

Publication
September 25, 2017

Equifax, one of the nation's largest credit reporting agencies, announced in early September that it suffered a massive data security breach from May through July 2017, potentially exposing Social Security numbers and other personal information of approximately 134 million customers. The initial announcement was shocking. Arguably worse for Equifax, however, has been its apparent mishandling of the information it releases to the public post-breach.

Equifax's initial announcement did not explain why Equifax waited over two months, into early September, to announce the May-July breach. There are several plausible explanations. With a breach of this magnitude, thoroughly investigating the source of the breach and the number of customers affected could take months.

Moreover, no uniform statute or regulation governs a nationwide data security breach. Companies such as Equifax must adhere to the laws of all 50 states, which vary on everything from what actually constitutes a breach to when and how to report a breach to law enforcement and other governmental agencies, to how to conduct the investigation.

Equifax likely expended a considerable amount of time and money consulting with advisors on compliance with state laws. Equifax should have explained that when it announced the breach. Its silence instead led many to question Equifax's motives.

Worse, just days after Equifax announced the breach, media outlets reported that Equifax's chief financial officer and two other senior executives sold approximately $2 million of Equifax stock between Equifax's discovery and public announcement of the breach. The U.S. Department of Justice has opened an investigation into potential insider trading. Equifax's spokesperson claims the executives were unaware of the breach when they sold their stock.

Completing the bad-news trifecta, on September 20, 2017, media outlets reported that for at least two weeks, Equifax's official Twitter account inadvertently directed users to a look-alike phishing website set up to spoof Equifax's legitimate customer information site. The fake website, which uses an address that is nearly identical to Equifax's legitimate website, asks customers to enter their information to register for free credit monitoring. When the media reported the error, Equifax's Twitter account deleted only one of several tweets that directed customers to the phishing site.

While it is too early to determine the impact and consequences of the Equifax breach, there are immediate lessons to learn. The most important is to hire competent consultants to assist in the investigation of the breach and experienced crisis managers to manage the timing and content of the company's public statements about it.
