"Catch Me If You Can"
Ahmed Sharaf Cybersecurity Automation
SOAR / SIEM / XDR / ZTNA / IAM
One year after the Equifax breach, a member of my LinkedIn family asked me to write a post assessing what has transpired since. First, I want to acknowledge the anger and disappointment surrounding this matter; it is through the expression "of the people and by the people" that we are left to make a difference.
The purpose of this post is not to provide a technical postmortem or a chronology of the events, but to gain a deeper understanding of the business model and how it impacts the consumer. I recall wondering, after having watched all of the congressional hearings, what this situation might look like a year later.
Equifax stock has recovered from a year ago “to about $10 below its peak before all the bad news and closed Friday (9/8/18) at $135.91 a share. The company has reported a profit of $236 million this year, and second-quarter profit was down just 12 percent from the same period last year despite the breach.” (1)
Among the most memorable inquiries during the hearing was that of Senator Warren of Massachusetts, who quoted the former CEO of Equifax, Rick Scott, as stating in August of 2017, "fraud is a huge opportunity for us, it is a massive growing business for us." Senator Warren went on to assert that the breach of the system actually creates more opportunity for fraud than existed prior to the breach, which Mr. Smith acknowledged. In short, the breach of the system actually creates more opportunities for Equifax to generate revenue.
"Equifax and other big credit reporting agencies keep profiting off a business model that rewards their failure to protect personal information." Sen. Elizabeth Warren, D-Mass. (1)
Revenue Sources:
1. Credit Monitoring, e.g. Equifax provides 1 year of monitoring; 7.5 M have signed up post breach, $200 M in revenue
2. Indirect Channels, e.g. LifeLock, a 10-fold increase post breach
3. Fraud Identity Protection Services for government agencies
From 2012 until the time of the breach, Equifax disclosed four separate breaches in which personal data was compromised. Over that same period, Equifax's profits increased by 80%. The Senator went on to state that Equifax did a poor job of protecting our data because it had no reason to care about protecting our data: "the incentives in this industry are completely out of whack." Note that the average recovery for the consumer from a data breach is less than $2.
While conducting research, one interview that particularly resonated was with Frank Abagnale, the teenager best known from the blockbuster movie "Catch Me If You Can" for impersonating a Pan Am pilot and notoriously travelling the world committing bank fraud; perhaps one of the first well-known "social engineers" of our time. Mr. Abagnale has since gone on to become a senior consultant for the FBI.
Mr. Abagnale explains that credit card information has a relatively short life span on the "Dark Web" and must be sold and used quickly. In contrast, the personal information obtained in the Equifax breach can lie dormant for many years before it is used, and therefore a single year of identity protection is "worthless".
In summary, "one year after the public learned of the breach, no federal agencies have announced any enforcement actions." (1) While consumers receive less than $2 per breach, Equifax could profit north of $200 M per year into the foreseeable future. Over a five-year period, that is over $1 B in revenue. I have little alternative but to conclude that our data, privacy and identities are a small price to pay in order to secure the future profits of Equifax.
We must continue to question why “A bill introduced to sanction companies like Equifax in case of appalling breaches slowly died out, while another bill that would reward Equifax despite privacy breaches was introduced a few months later.” (2)
What you can do:
1. Express your dissent to the Consumer Financial Protection Bureau and the FTC
2. Write your congresswoman, congressman, senator or anyone that will listen and act
3. Acquire protection from an alternative source that is not an indirect channel of Equifax
4. Carefully evaluate whether placing a freeze on your credit file is best for your scenario. In a Few Days, Credit Freezes Will Be Fee-Free.
Sources and Notes:
1 - https://abcnews.go.com/Technology/wireStory/year-equifax-breach-enforcement-actions-57697744
2 - https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/
Connecting nations and companies with people through online portal communities. The Commerce Company
5 years ago: Well researched and informative. Absolutely agree with your advice.
Former Cloud Computing and Health Care Entrepreneur. Veteran NATO Peacekeeper and U.S. Army Black Hawk pilot.
6 years ago: Great article. Bottom line: "While consumers receive less than $2 per breach, Equifax could profit north of $200 M per year..." Put that in your pipe and smoke it.
Managing Partner, IT Girls - Tech Ninjas
6 years ago: I was always struck by them selling Dark Web protection after their breach!
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
6 years ago: Thanks @Gloria P. for informing me about this post. It is true that data breaches expose the holes in security measures, but they open opportunities for working to provide new data protection services. If there were a strong data protection law in every country, punitive actions against the companies failing to provide proper data privacy protection could have been enforced. EU GDPR may give some power to EU citizens for personal data privacy protection.
Using my proven knowledge/expertise in Administration to the advantage of a Great Employer. Unfluencer
6 years ago: I liked the perspective from someone who understood the value of long-term data over short-term retribution, and the effect that data held is power over the subject of the data. I watched a lecture by Frank Abagnale Jr and he stated the levels one has to go to to ensure one does not leave much of a trace. But that also shows how easy it is to ensure one almost leaves a trail of false data on genuine systems.