Equifax doesn’t sell cameras or phones like B&H Photo, or shoes like Zappos, or flannel shirts and work boots like L.L. Bean, or books and pruning saws like Amazon. Equifax exists for only one reason: to collect, maintain, and securely keep people’s financial information. They didn’t do that, and because they didn’t perform the only function demanded of them, they should be given the option of paying hundreds of billions of dollars in reparations or simply disappearing. I would prefer the latter and settle for the other, but nobody in our new deregulatory government will enforce either punishment. Equifax, like the banks and investment houses a decade ago, is too big to fail, even though it has failed spectacularly.
Worse (not that releasing the financial information of 143 million people requires a worse) but Equifax will profit from this in the long run. Right now the company is offering free security for one year with a reputable identity-protection company called TrustedID which is (gasp!) owned by Equifax. After that free year is up and the news story itself has evaporated, all that stolen data will still be out there, a situation that will require yearly no-longer-free memberships in TrustedID at about $200 a year. Not exorbitant, but if you multiply that by 143 million you get something in the vicinity of $29 billion in prospective income…per year…forever. (See? Hundreds of billions in reparations is probably doable.)
And here’s another little tidbit. Though there is some debate, it may be that enrolling in this yearlong free identity protection will result in the waiving of your rights to participate in any class action suits that may result from this breach. Equifax can profit and avoid reparations of any kind.
Last year Equifax showed revenue of three billion dollars and a net income of just under $500 million. Their CEO Rick Smith takes home an annual salary of $1,450,000—not obscene for a CEO—but with stock options and the like, it’s just south of five million. When pressed for comment on the Equifax breach, Mr. Smith was apologetic and agreed that the company would have to do better. You think?
There’s also a story floating about of how Equifax executives sold almost two million dollars worth of stock shortly after the security breach was discovered, but before the public was apprised. The deals came pretty much out of the blue, i.e., they were not anticipated, scheduled, or engineered into some salary agreement.
It’s true that Yahoo suffered a larger breach that had some impact on more people, and the Target debacle was not far behind. But Yahoo and Target don’t own every bit of financial information anyone has, and they aren’t the company tasked with the responsibility of protecting it. That function falls on Equifax, among others. Most annoying of all, while we scurry around trying to secure what we have, Equifax may suffer some embarrassment and some loss of reputation, but through it all the money will keep pouring in. It already is.