Security Experts:

Equifax: Hack Related Expenses Cost Company $87.5 Million in Q3

Equifax on Thursday said that during the third quarter of 2017, it incurred $87.5 million in expenses related to the massive hack that was disclosed on September 7, 2017. 

The credit reporting agency provided a breakdown of expenses as follows: $55.5 million in product costs, $17.1 million professional fees—a good portion which likely was paid to FireEye's Mandiant division, attorney's, and any other firms hired as part of the incident investigation and response. Customer support costs was marked at $14.9 million.

The expenses related to the cybersecurity incident, the company says, include “costs to investigate and remediate the cybersecurity incident and legal and other professional services related thereto, all of which were expensed as incurred.”

The company also said that it would be liable for additional costs stemming from the free credit file monitoring and identity theft protection that it is offering all U.S. consumers. 

“We have therefore recorded an estimate of the expenses necessary to provide this service to those who have signed up or will sign up by the January 31, 2018 deadline. We have incurred $4.7 million through September 30, 2017 and have estimated a range of additional costs between $56 million and $110 million,” Equifax said in an earnings release.

Soon after the breach was disclosed, Chief Security Officer Susan Mauldin and Chief Information Officer David Webb announced their immediate departure from the company.

Equifax says that it maintains data on more than 820 million consumers and more than 91 million businesses worldwide.

In addition to the direct costs associated with the breach, Equifax has lost billions in market cap due to a falling share price after the breach was disclosed. Immediately prior to the breach being disclosed, shares of Equifax traded at roughly $142. Shares of the company (NYSE: EFX) are currently trading at $106.20 in after hours trading.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the treat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences.