The company, which in delightful irony offers credit-monitoring and identity-theft protection products to “guard consumers’ personal information”, said that it had learned of the incident on July 29, 2017, at which point it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review: based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Oddly enough, it took shareholders and over a third of America, more than a month longer to learn that all their personal data may have been compromised.
As if 143 million leaked social security numbers wasn’t enough, Equifax said that criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers. But wait, there’s more: the company also identified unauthorized access to limited personal information for certain UK and Canadian residents.
The good news, is that according to Equifax, “this issue has been contained.” The bad news is that, well, as many as 143 million social security numbers have been hacked. So no, it’s not contained.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in prepared remarks. “I apologize to consumers and our business customers for the concern and frustration this causes.”
In a Q&A posted on the company’s website, the management team revealed what’s really important with the following question and answer:
Does this cybersecurity incident impact your capital allocation priorities going forward?
Our capital allocation priorities are unchanged at this time. As we have previously indicated, our investment
priorities in order of importance are: (1) internal investment; (2) dividends; (3) acquisition; and (4) share
repurchase. We do, however, expect to increase our capital spending in an effort to further accelerate IT
infrastructure, systems and data security and resiliency improvement actions.
Oh, good, because a hack involving 143 million SSNs is one of those cases where capex probably should have taken precedence over stock buybacks. Don’t worry though, because as it explains in the same quesionnaire, “Equifax remains committed to delivering on the long term financial model of 7-10% revenue growth and 11%- 14% growth in Adjusted EPS on average over a business cycle. Equifax’s long term financial model reflects our continuing fundamental ability to utilize our unique and differentiated data assets and leading analytical capability to deliver high value products and services to our customers.”
Uhm, after this… what customers?
After falling as much as 12% in the after hours, EFX stock had stabilized some 7% lower.
And now the best news: with Putin clearly behind this hack – as “all 17 intelligence agencies”, WaPo and NYT will shortly “confirm” – the US economy is about to undergo a renaissance as hundreds of millions of (unsolicited) purchases prompt a golden age for US retailers while sending Amazon market cap into the $1 trillions… even if the shipping address for said purchases happen to be small, frigid villages deep in the Russian taiga.
Full statement from Equifax here.