[BreachExchange] Equifax data breach: Incident has cost the firm $1.4 billion so far

Destry Winant destry at riskbasedsecurity.com
Mon May 13 09:40:15 EDT 2019 

https://www.itpro.co.uk/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far

Costs relating to the breach, excluding some legal fees, are valued at
more than 350 times the global average

The greatest security catastrophe of modern times has cost Equifax
more than a billion dollars to date, according to the firm's latest
financial results.

The 2017 data breach incident saw the US-based credit rating agency
expose more than 145 million people's personal records to hackers due
to flaws in its systems. The breach was sizeable, but deemed highly
alarming due to the nature of the information stolen; ranging from
full names and addresses to credit card information.

Equifax has now revealed that costs relating to the incident, as well
as expenditure on IT and data security, have reached $1.35 billion,
excluding a raft of legal fees for lawsuits that are yet to be seen.

This stands at more than 350 times the average cost relating to a data
breach, according to IBM research released last year, which found that
these costs normally average $3.86 million for a large breach. Even
for US-based breaches, which cost $7.91 million on average, Equifax's
costs are 170 times greater.

For the first quarter of 2019 alone the company incurred $786.8
million dollars in costs, including $690 million in legal expenditure.
The total sum also included $82.8 million for technology and data
security, $12.5 million for legal and investigative fees, and $1.5
million for product liability.

The company's chief executive Mark Begor told investors in a
conference call that Equifax had made progress since the 2017 breach,
according to WABE. This is notably by settling legal action brought
against the firm.

While costs relating to the Equifax breach are extraordinary by
conventional standards, they fall short of the gargantuan $4 billion
'worst-case' figure once tied with the 2011 Epsilon breach.

This sum was determined by research into the incident at the time,
which suggested the estimated total damage could hit between $3 to $4
billion over time, when forensic audits, monitoring, litigation and
lost business were taken into account.

More information about the BreachExchange mailing list