We’ve discussed the havoc reputational damages have wreaked on large corporations before, most recently regarding Wells Fargo.[vi] The wide-spread and irreparable nature of these damages are once again applicable to Equifax.
The day after the breach, shares of Equifax fell 14%.[vii] What is unique about these reputational damages is that while customers cannot always control whether they are customers of Equifax, they can control the banks, stores and other businesses they give their patronage and loyalty to. After all, it is these institutions that gave away our information to Equifax without instituting appropriate third-party risk management monitoring over who they gave it to.
To bring this home, let’s look at the impact of the breach for the typical consumer. The average recovery time spent from identity theft is 175 hours and victims spend an average of $1,400 in out-of-pocket expenses. While tempting, the consumer cannot associate these losses with Equifax, but with the financial services institutions that have our business today.
I believe customers’ outrage will cause a massive shifting of funds and business to those institutions that can demonstrate competent enterprise risk management. Whether Equifax will survive this incident remains to be seen, but I believe that consumers and investors in addition to regulators will start scrutinizing the risk management practices of the banks, stores and other organizations they do business with.
[i] WSJ. Equifax Reports Data Breach Possibly Affecting 143 Million U.S. Customers.
[ii] QZ.com. The hackers who broke into Equifax exploited a flaw in open-source server software.
[iii] William Baird & Co. Report on Equifax.
[iv] New York Times. Equifax Hack Exposes Regulatory Gaps, Leaving Consumers Vulnerable.
[v] Identity Theft Resource Center. Breach Report.
[vi] Steven Minsky. The Wells Fargo Scandal is a Failure in Risk Management.
[vii] WSJ. Equifax Reports Data Breach Possibly Affecting 143 Million U.S. Customers.
[viii] Steven Minsky. Wells Fargo Data Breach: The Saga Continues (Part 1)