back to article Exposing 145m Equifax customer deets: $240m. Legal fees: $28.9m. Insurance: Priceless

The Equifax mega-hack has cost the credit reporting agency well north of $200m to date, according to a financial filing for calendar Q1. In September 2017, Equifax 'fessed up to a breach that exposed the data of more than 145 million people. The cost of the breach in the latest full quarter ended 31 March was $68.7m, taking …

  1. BebopWeBop Silver badge
    Facepalm

    So one again they get off ohh so lightly for this. Proper fines and jail please

    1. HildyJ Silver badge
      Mushroom

      Jail

      To heck with fines, there should be jail time for aiding and abetting identity theft and, for the higher ups, conspiracy to aid and abet identity theft.

      1. a_yank_lurker Silver badge

        Re: Jail

        Or may be a wee bit harsher sentence? Might focus other C-Suites to focus on their responsibilities.

  2. The Nazz Silver badge

    Nah, keep it simple, save jail costs.

    Just have the execs ( the C suite - a US expression? ) and the top IT bod, each and everyone of them, publish ALL* of their personal details on the web for a period of 1 year. In an easy to reach and well publicised site.

    * every single detail, every financial account [numbers and sort-codes (US equivalent?)] phone numbers, family members and addresses.

    That will certainly have an impact.

    NB : though i do believe that potential jail time for Execs and relevant personnel is long overdue for acts of an unlawful nature.

    1. HildyJ Silver badge

      Re: Nah, keep it simple, save jail costs.

      New idea as far as the punishment fitting the crime - take all the execs who should have done something, print a copy of the leaked data, and make them eat it.

    2. Cuddles Silver badge

      Re: Nah, keep it simple, save jail costs.

      "Just have the execs ( the C suite - a US expression? ) and the top IT bod, each and everyone of them, publish ALL* of their personal details on the web for a period of 1 year. In an easy to reach and well publicised site."

      They probably already have Facebook accounts.

  3. DNTP

    "Rebuilding customer trust"

    Just a reminder that in this Brave New Business Model these parasitic aggregators are adopting, individual persons with their personal information are not the 'customers'. They/we are the products.

  4. Doctor Syntax Silver badge

    "Equifax clawed back some $10m from insurers in the quarter, taking the tally to $50m since the embarrassing incident. The company noted that it maintains $125m of cybersecurity insurance."

    I wonder what their premium's likely to be in future.

  5. Anonymous Coward
    Anonymous Coward

    $240m....???

    Just the cost of doing business!

    1. Anonymous Coward
      Anonymous Coward

      Re: $240m....???

      EXACTLY ! Until companies who fail the security and integrity tests are fined BILLIONS for their negligence, these types of disasters that cost consumers BILLIONS in damages will continue. If Equifax can generate over a half BILLION in revenues per quarter, they can afford to pay a $100 Billion fine for their negligence and apathy.

  6. sanmigueelbeer Silver badge
    Happy

    This month's layout includes some $45.7m spent on IT and data security, which covers both tech efforts – such as IT infrastructure, application, network and data security improvements – and the people hired to carry out the work.

    Breakdown is going to be:

    People hired to carry out the work: $45.5m

    Tech efforts: $0.2m

    Did I miss anything?

    1. Doctor Syntax Silver badge

      "Did I miss anything?"

      Probably more like $25.5 million to people doing the work, $20 top management bonuses for telling someone to get it done.

  7. Warm Braw Silver badge

    Cost the credit reporting agency?

    They get their money thruogh what is effectively a private tax on consumers' financial transactions. In the end, it will cost them nothing - they'll just nudge up their charges to claw it back.

  8. Anonymous Coward
    Anonymous Coward

    Profit

    The big question is when will the Equifax executives face punishment?

    THEY opened security hole deliberately as "cover" because equifax executives were the ones who sold their own data illegally to advertisers and pocketed the cash personally.

    They sold stocks just BEFORE the breach became public.

    Now companies THEY OWN are claiming "fix" the security issues (at cost).

    Total utter ballsup and these people need to go to prison for a VERY VERY long time, AND have every penny they own confiscated as proceeds of crime.

    1. Anonymous Coward
      Anonymous Coward

      Re: Profit

      That's an interesting theory I never heard before. Sell off the data illegally, weaken the system and wait for the inevitable data theft, and you have cover for why data firms now have all this data on people.

      Sounds nice in theory, but practicality of pulling off is somewhat meh, also consider that data firms would need to explain the origin of their data as being pulled from data dumps, and now too many people working at those data firms know and will eventually leak.

      It sounds nice, but its not very workable.

  9. Mr Dogshit

    Custodian my arse

    You can look forward to receiving a letter from me on 25th May.

  10. doublelayer Silver badge

    Quick math + I like privacy and consequences = anger

    So, this company has spent $242.7m dealing with their security problems. And those security problems caused the leak of data for 145 million people.

    $242700000/145000000 people = $1.674 per person.

    OK. That's nice. I suggest legislation that makes these companies liable on a per-user basis for say, $200. A small system mixup leaks two hundred users: $40k, enough to give the company a notice that that's not OK and to get in line, but not enough to hurt them. A large system mismanagement leaks ten thousand users: $2m, enough to indicate that you've messed up and you have responsibilities to your users. A complete lack of regard causes the leak of a hundred million users: $20b, hopefully enough to know that the company will be in really bad financial status at the end. The company should think that through before they decide to not care. That's the law I'd suggest if I ever ran for office. Now if I could actually ensure its passage, that formula would be edited somewhat, with the multiplication sign removed and the exponent sign added.

    How do I get that passed without running for office and getting a ton of friends to do that too?

  11. unwarranted triumphalism

    Let's not lose our perspective here

    It was a minor incident of no real importance. Think before assembling the lynch mob for once.

    1. doublelayer Silver badge

      Re: Let's not lose our perspective here

      I'm thinking. I'm thinking three things:

      1. 145 million people

      2. data not provided by choice, collected by company

      3. data very difficult to change if leaked

      Please let me know what I'm missing that makes this minor. Thanks.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020