Equifax shares slump on breach disclosure

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta. Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans. The Atlanta-based company said Thursday, Sept. 7, 2017, that “criminals” exploited a U.S. website application to access files between mid-May and July of this year. (AP Photo/Mike Stewart)

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta. Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans. The Atlanta-based company said Thursday, Sept. 7, 2017, that “criminals” exploited a U.S. website application to access files between mid-May and July of this year. (AP Photo/Mike Stewart)

One of the largest-ever data breaches in U.S. history sent shares of Equifax sharply lower Friday following Thursday’s disclosure.

Shares were down about 14 percent at 10:30 a.m. Friday the morning after the Atlanta-based credit reporting giant said a breach exposed the personal information of 143 million U.S. consumers.

The personal information said to have been accessed — also including Social Security numbers, names, birth dates and addresses — is some of the most sensitive possible, and could leave consumers vulnerable to identity theft and financial fraud for years, experts said. Personal identity information can be used over and over and fetch high prices among criminals.

The stock closed Thursday at $142.72, and plummeted once Equifax officials announced the breach after trading ended. Shares opened this morning at $121.82 amid heavy trading volume.

In a research note to investors, Jeffrey P. Meuler, a senior research analyst for Robert W. Baird & Co., called the breach “significant,” but the dip in after-hours trading “seems like an overreaction based on our understanding of events.”

“We expect near-term operating headwinds plus material event-related expenses,” Meuler wrote. “However, we believe [Equifax’s] access to key data sources are unlikely to be affected, and client relationships and [Equifax’s] brand are unlikely to be meaningfully impaired intermediate to long term.”

The company also came under fire for stock sales by three executives on Aug. 1 and Aug. 2, days after Equifax said it learned of the breach, but before it became public.

Consumer credit reporting agency Equifax, whose headquarters is in Atlanta, said a breach of its computer systems had exposed the Social Security numbers and birthdates of up to 143 million U.S. consumers. (Dreamstime/TNS)

icon to expand image

Bloomberg first reported three executives — Chief Financial Officer John Gamble, Joseph Loughran, who heads its U.S. information solutions business, and Rodolfo Ploder, who runs the company's workforce solutions operation – sold nearly $1.8 million in stock in the days after Equifax discovered the cyber-attack.

The sales were not part of a schedule sale, and Equifax told Bloomberg the three executives “had no knowledge that an intrusion had occurred at the time.”

Meuler said in an interview such an explanation is plausible.

“I think it’s plausible the executives may not have known the situation or the severity of this incident,” Meuler said, calling them “foolish” if they did.

The company also is likely to experience fines from regulators, much as Home Depot, Target and Anthem have for recent large breaches, according to a note to investors from Wells Fargo Securities.

Wells Fargo said Equifax faces risk of losing some business to its direct-to-consumer security products division, higher expenses for legal, customer service and security consulting needs as well as potential future government penalties.

The attack has gotten the attention of members of Congress.

U.S. Sen. John McCain, R-Ariz., tweeting a Wall Street Journal article about the breach, said it “underscores the need for a #cyber strategy”

Meanwhile, U.S. Rep. Ted Lieu, D-Calif., in a tweet questioned the delay in notifying the public.

“Dear @Equifax: When you say “recently” do you mean about a month and a half ago? Why did you wait so long before disclosing the breach?”

Resources for consumers

Equifax said it would provide a free one-year package of credit monitoring and ID protection services: https://www.equifaxsecurity2017.com/

Privacy Rights Clearinghouse: https://www.privacyrights.org/consumer-guides/what-do-when-you-receive-data-breach-notice

Federal Trade Commission: https://www.identitytheft.gov/Info-Lost-or-Stolen

Related coverage

MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.

AJC Business reporter J. Scott Trubey keeps you updated on the latest news about economic development and commercial real estate in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.