Equifax's first quarter earnings report highlighted expenses due to its September 2017 data breach and how the spending is shifting more toward IT and security.
In its first quarter earnings report, Equifax outlined that it spent $45.7 million for the three months ended March 31 on IT and data security. The company has been staffing up to bring on expertise to shore up its security.
Equifax confirms 2.4 million more victims of cyber attack | Equifax hires Home Depot's CISO to lead security turnaround | Former Equifax executive charged with insider trading after data breach
Legal and investigative fees tied to the data breach, were $28.9 million. The total for the first quarter, was $68.7 million. In the fourth quarter, Equifax disclosed that it spent a net $114 million for 2017 on the data breach. However, $50 million of data breach costs were covered by insurance.
Equifax said it will spend heavily on IT at least through 2019 in an effort to build an industry leading data security system. On a conference call with analysts, CEO Mark Begor said the company didn't have visibility into investment plans beyond 2018.
My expectation is that there will be work that will go beyond '18 to complete our data security and infrastructure rebuild.
We're being very aggressive about attracting the absolute best talent in the IT and data security space. We're investing heavily to ensure we're market leaders around data security and we will also enhance the transparency of all our transformation efforts with all our constituents, our customers, consumers and the public as we drive this transformation forward.
Here's the fourth and first quarter data breach expenses.
What's happening is that Equifax is shifting gears more from remediation to prevention and even some product development. The company said:
In the first quarter of fiscal 2018, the Company recorded a total of $78.7 million of pretax expenses related to the cybersecurity incident and incremental IT and data security costs. The $45.7 million of IT and data security costs include incremental costs to transform our IT infrastructure and improve application, network, and data security, and the costs of development and launch of Lock and AlertTM. These include, but are not limited to, costs for people, professional and contracted services, technical services and products, and other costs added either directly or indirectly to manage, execute, and support the implementation of these plans. The $28.9 million of legal and investigative fees include legal fees and professional services costs to investigate the cybersecurity incident and respond to legal, government, and regulatory investigations and claims related to the cybersecurity incident. The $4.1 million of product liability costs include the expected costs of fulfillment of TrustedID Premier and support of consumers using TrustedID Premier.
Equifax also said that it has $125 million in cybersecurity insurance and a $7.5 million deductable. Insurance has covered $60 million of the data breach costs to date.
PREVIOUS AND RELATED COVERAGE
Equifax says more private data was stolen in 2017 breach than first revealed
The credit rating agency said it didn't originally announce "potential" data points, like tax identification numbers, that "may have been accessed" by hackers.
Equifax's big fat fail: How not to handle a data breach
The ineptitude of Equifax following a data breach impacting 143 million people is galling. At least Equifax gave us a playbook for how not to handle a breach.
Equifax, Yahoo fail to answer the most basic questions during Senate hearing
Senators were left frustrated as Yahoo didn't know how it was hacked, and Equifax still didn't know who.