A day after posting sizeable profit declines due to a massive data breach, Equifax said it expects to incur related costs of between $60 million and $75 million in the current quarter. The Atlanta company reported a 27 percent slump in third-quarter profit, largely due to a hack that exposed the personal information of 145 million Americans.
Opening a conference call Friday, interim CEO Paulino do Rego Barros Jr apologized again for the breach, and said executives will not be receiving bonuses. Richard Smith, who appeared before Congress to explain what happened, stepped down as CEO less than three weeks after the credit report company was hacked. Equifax Inc is trying to keep clients from fleeing and also outlined ways in which it is strengthening security.
It revealed Thursday that, in relation to shares sales by executives in the immediate aftermath of the breach, it has now received subpoenas from the US Securities and Exchange Commission and the US Attorney’s Office for the Northern District of Georgia, where it is based. Word of the subpoenas arrived one week after the company said that an internal review, done by a special committee of independent directors, found that four executives who had sold a combined $1.8 million worth of shares in the immediate aftermath of the breach had done nothing wrong.
“We have received requests for information and subpoenas for a number of United States and Federal Regulatory Agencies and several regulatory agencies outside the US,” Barros said. “In each case, we are cooperating with agencies to provide the requested information.” The company said Thursday that it had recorded $87.5 million in costs related to the breach in the last quarter. So far, more than 240 class actions have been filed by consumers against Equifax in federal, state and Canadian courts relating to the cybersecurity incident. Various other investigations now surround the data breach and the company.
What makes the data breach so dangerous is the information that Equifax holds. Social security numbers, identification, addresses and personal information held by Equifax and the two other, major credit agencies is used to determine a person’s creditworthiness.
“We are also working to monitor for the use of storing personal identifiable information, being used for furthering transactions,” Barros said Friday. “And to date, we do not have any evidence that we can probably add problem activity to data stolen from Equifax.”