Equifax [EFX] is the latest casualty of a massive data breach. Equifax recently disclosed that a cybersecurity incident may have affected 143 million U.S. consumers. According to Equifax, the incident occurred between May and July 2017. The breached information included names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. Around 209,000 credit card numbers and 182,000 dispute documents were also accessed.As can be seen above, Equifax’s breach ranks among the largest cyber data breaches of all time, and the largest of 2017, so far. Further, Equifax’s breach is the largest involving Social Security or credit card numbers.
Breaches of financial information and Social Security numbers can often be far more costly to remediate. Of the seven most costly public data breaches, four involved financial information and one involved Social Security numbers.
The two most costly breaches, Home Depot and Target, were the result of compromised point-of-sales equipment. In each case, the companies were required to update their in store equipment in order to enhance security of payment transactions. Equifax is unlikely to incur these types of equipment costs; however, they may face substantial legal costs. Already, over 30 lawsuits have been filed against Equifax due to the breach, according to Reuters.
Historically, legal settlement costs associated with breaches have not been substantial. In 2016, Sony settled a class action for just $15 million associated with their massive 2014 breach. Additionally, Target paid just $67 million to settle three separate suits related to its 2013 breach of more than 100 million records.
However, Equifax’s breach may be more comparable to Anthem’s than Sony’s or Target’s. Both Anthem and Equifax lost enormous numbers of consumer Social Security numbers, along with other personally identifiable information. Earlier this year Anthem agreed to pay $115 million; the largest settlement ever for a data breach. And Equifax’s breach could be even more costly as they lost almost twice as many consumer records.
Audit Analytics tracks all public company cyber data breaches and is available for purchase as Exploratory Research. Our analysts engage in this research to help better understand current market conditions, and track the latest disclosure trends and regulations as they impact financial reporting.
For more information or to purchase any exploratory research, please email us at email@example.com or call (508) 476-7007.