Listen to this article
This is an experimental feature. Give us your feedback. Thank you for your feedback.
What do you think?
Equifax is scrapping executive bonuses and suspending share buybacks as the US credit reporting company counts the cost of one of the most serious data breaches in corporate history.
Speaking on Friday after Equifax released its first financial results since the cyber security scandal came to light, executives warned investors to brace for a mounting bill as lawsuits pile up and a raft of regulators investigate the company.
In the wake of a public outcry, Equifax, which handed five senior managers $17m worth of incentive awards last year, is axing payouts for executives including interim chief Paulino do Rego Barros.
Richard Smith, the former chief executive, has already lost his job after hackers stole financial records on as many as 146m consumers. Equifax failed to fix a software flaw despite a warning from the US government. Social security numbers, widely used by Americans to verify their identity, were among the personal details compromised.
Shareholders are also facing lower capital returns. The company, which bought back $77m worth of its shares since June, cancelled plans for more repurchases this year after the stock dropped about a quarter. “We just don’t think it’s appropriate,” said John Gamble, chief financial officer.
Revenues are also expected to come under pressure. Nervous corporate clients are putting off signing new contracts until Equifax can assure them its systems are secure. Several have demanded IT audits. “We’re hoping to win back their trust,” Mr Gamble said.
Net income in the third quarter dropped 27 per cent from a year ago to $96m as the costs of the breach began to bite.
Initial investigation and remediation expenses, as well as the costs of lawyers and other professionals dealing with the fallout, contributed to a $27m charge in the third quarter.
Free identity theft protection and credit monitoring offered to consumers will add to the bill. The company has so far incurred $5m of these expenses and recorded an additional $56m as a contingent liability. The final tally from the complimentary services could be as much as $115m.
The US company also told investors to expect $60m to $75m on IT spending in the fourth quarter. It warned of a wide range of other costs that it could not put a figure on, including compliance spending.
The disclosures underline the fall from grace for the former investor darling, which plays a crucial role in the consumer finance economy by collating financial records about borrowers and selling them to banks and other companies.
A wide range of regulators including the Securities and Exchange Commission, Federal Trade Commission and Financial Industry Regulatory Authority are probing the company, along with 50 state attorneys-general.
More than 240 class actions against Equifax have been filed by consumers. Unnamed financial institutions have also filed lawsuits, alleging negligence and breach of contract.
Regulators are also examining allegations of insider trading. Equifax said the SEC had subpoenaed the company over “trading activities” by some employees, although it did not provide details. The company has been under scrutiny over share sales by three of its high-ranking executives a few days after it spotted unusual traffic on its servers.
Individual officers and directors, as well as the company itself, also face class action suits that allege violations of securities laws.
Equifax said it was disputing the allegations and said it would defend itself against the claims. It added it was co-operating with regulators.
Officials at the department of Homeland Security told the company in March that it needed to address a software security flaw but it did not do so. Equifax noticed “suspicious” activity at the end of July. It waited six weeks, until September, to reveal that it had been hacked.