Moody’s Lowers Equifax Rating After Cyberattack

Moody’s has lowered its rating outlook on Equifax due to cybersecurity issues.

Moody’s lowered the credit monitoring company’s outlook from stable to negative on Wednesday (May 22) as Equifax continues to try to recover from its massive 2017 breach that compromised the personal information of more than 145 million U.S. consumers, including Social Security numbers, drivers’ license numbers and credit card data. It is one of the most expensive hacks of a corporation ever.

“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”

And earlier this month Equifax reported a 2 percent year-over-year revenue decline for the first quarter of 2019. According to Equifax CEO Mark W. Begor, the company continues “to make progress to resolve the litigation and regulatory matters related to the 2017 cybersecurity incident.” He said that during the first quarter of 2019 Equifax “took a $690 million charge that includes our estimate of losses we expect to incur in connection with a potential global resolution of the consumer class action cases and the investigations by certain federal and state regulators.”

The Q1 revenue came in at $846.1 million, which was slightly below analyst estimates. The company posted a net loss attributable to Equifax of $555.9 million, which compared with a net income of $90.9 million in the first quarter of 2018.

The Moody’s note also attributed Equifax’s substantial cybersecurity investments as an issue for its future strength.

“We estimate Equifax’s cybersecurity expenses and capital investments will total about $400 million in both 2019 and 2020 before declining to about $250 million in 2021,” the note said. “Beyond 2020, infrastructure investments are likely to remain higher than they had been before the 2017 breach.”