TDWI Upside - Where Data Means Business

One Year Later: The Impact of Equifax's Data Breach

A company's reputation still suffers a year after a major data breach. Results of a new survey show how negative sentiment can linger.

In 2017, consumer credit agency Equifax suffered a major data breach. Between May 13 and July 30, hackers accessed approximately 145.5 million consumers' personal data, plus credit card credentials for at least 209,000 consumers.

For Further Reading:

Lessons from the Equifax Data Breach

All Data and No Security Orchestration Makes You an Ineffective Security Analyst

Top 5 Cloud Security Threats You Need To Understand

Equifax is one of the three major credit agencies entrusted with confidential information for hundreds of millions of Americans. The breach made national and international headlines and caused its shares to drop 13 percent in the immediate aftermath. Lawsuits regarding the incident are still ongoing.

Data security officials often warn that the effects of a data breach can be long-lasting. Results from a 2018 survey of American consumers give new insight into those effects. The LendEDU survey was administered online to 1,000 adult Americans to determine how people felt about Equifax in the wake of the hack. The results are particularly instructive for any company that believes that data privacy isn't important.

Far-Reaching Impact

The majority of people surveyed were aware of the Equifax hack. A year after the incident, 72.9 percent of survey respondents knew about the breach, compared to 84.2 percent who knew immediately after the breach occurred.

Many Americans were worried about potentially being affected by the hacking. In 2018, 57.2 percent said they had checked to see if their data had been stolen. Over one-third (35.5 percent) of those who checked discovered their information had been compromised. These numbers demonstrate that even a year after the announcement of the breach, the public is still very aware of the cybersecurity incident.

One of the most challenging aspects of the Equifax breach for many consumers is the fact that they do not have a choice about their data being included in its system. Even though Equifax did not have adequate cybersecurity measures in place, public perception has not remained strongly negative. In 2017, a majority (54.2 percent) of respondents believed that Equifax should no longer serve as a credit bureau, but by 2018, that figure dropped to 46.2 percent -- a significant decrease. (In 2018, one-third of respondents were not sure if Equifax should lose their status; 20.4 percent felt they should not.)

Has Equifax Improved Its Company Image?

After the data breach, Equifax took two steps intended to remedy the issue: free credit monitoring for one year and a waiver of the requirement that all disputes be settled through arbitration. These offers were meant to both protect consumers from the impact of the hacking and soften the public relations blow on Equifax. Were they effective?

The LendEDU survey found that consumers were of two minds about Equifax's attempts to remedy the problem. Almost one-third (30.6 percent) said these steps had helped to change their minds about Equifax for the better, but nearly as many (28.4 percent) had not yet forgiven the company (20.3 percent did not have an opinion).

Although after-the-fact remedies can appease some consumers, they may not be enough to prevent hackers from utilizing stolen data. Such actions also might not satisfy other customers, who may be angry that their data was not secure in the first place.

Lessons Learned

The Equifax breach was certainly unique in its scope, but it offers important lessons for all businesses operating in today's economy. More information than ever before is being stored in the cloud and other electronic systems, increasing vulnerability to potential hacks.

Although it can be difficult to prevent hacks, having a strategy in place in the event your data is breached is critical.

  • Work to help consumers (you can offer credit monitoring or other services)
  • Increase your cybersecurity measures to prevent future attacks
  • Show your customers how you are improving security through open communication and a commitment to transparency

About the Author

Michael Brown is a research analyst at LendEDU, a personal finance comparison site based in Hoboken, New Jersey. In his role, Michael uses both survey and publicly available data to identify and analyze emerging personal finance trends, in addition to telling unique stories with original data. Michael's work has been featured in major media, including The Wall Street Journal, The Washington Post, Forbes, Bloomberg, and CNBC. You can reach Michael via email or through LinkedIn.


TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, & Team memberships available.