Equifax’s quarterly profits have dipped and the company’s revenues come in lower than forecast as a result of the costs arising from dealing with a major cyber attack this year, which was only revealed in September. 

The cyber attack affected more than 145 million accounts in the US and more than 15 million in the UK. Sensitive personal information was compromised by persons unknown as a result of the attack, although the company claimed that the attack emanated from China.

In a statement issued by the company on Thursday, the firm admitted that profits had tumbled and that it is now in the process of dealing with more than 240 class-action lawsuits and 60 government-linked inquiries.

It has also radically increased spending on IT security – and lawyers – to deal with the incident. This has caused its operating expenses to balloon, it admitted. 

Quarterly profits at Equifax fell by 27 per cent, and revenue in the quarter was way below expectations.

In total, while revenue in the latest quarter grew by four per cent, reaching $834.8m, the firm had previously forecast revenue growth of six per cent.

The company was hit with $27.3m of costs from when the attack took place, and it has spent $56m on free credit monitoring in part-compensation for the data breach. These costs could reach $110m, the company warned shareholders.

Paulino do Rego Barros, who was appointed interim CEO after the company’s previous CEO, Richard Smith, left following the data breach, said that the company had already invested a great deal of resources to belatedly improve its IT security.

It has also hired a team of cyber security specialists to provide guidance on the right strategies to protect customer data better, and is installing a range of vulnerability- and intrusion-detection tools, added Barros.

“We recognise that we have an important journey in front of us to regain the trust and confidence of consumers and our business customers,” it said in a statement.

It continued: “Certain of our customers have determined to defer new contracts or projects unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain.”

James Barrett, senior director EMEA of Endace, added: “The recent Equifax hack was not the biggest hack in recent years, but was probably the most dangerous.

“Enough of consumers’ personal data is now in the wild that their identities can be stolen, and it took two months for Equifax to confess, which means that those people were at risk without knowing it.

“From a technology point of view, the reality is that most breaches are preventable. In this instance it is speculated that the breach was made possible by an Apache Struts vulnerability first announced in March.

“However, there will always be breaches that cannot reasonably be prevented, and for these a solid remediation plan is needed.” 

Further reading