Equifax, the credit scoring company that’s embroiled in a massive data breach, expects costs from that to increase $275 million in 2018.
That increase in costs suggests it could turn out to be the most expensive hack of a corporation ever, reported Reuters. Citing comments the company made on a conference call late last week, Reuters reported the $275 million is in addition to the $164 million in pretax costs it reported for the last six months of 2017. Some of the money to be spent in 2018 for the data breach includes technology and security upgrades, legal fees and free identity theft services for consumers who were impacted by the attack. At the end of 2017, the cost from the data breach was $439 million. Of that, Reuters noted Equifax said $125 million will be covered by an insurance policy. Larry Ponemon, chairman of Ponemon Institute, told Reuters the final cost of the breach could end up being more than $600 million. That would include the expenses associated with ending government investigations into the data breach as well as any civil lawsuits lodged against Equifax. “It looks like this will be the most expensive data breach in history,” said Ponemon in the report.
For its fourth quarter, Equifax reported profits that surpassed Wall Street’s forecasts and also disclosed it found 2.4 million more people whose data was compromised in the hack. In a press release, Equifax said it was able to pinpoint about 2.4 million consumers by referencing other information in proprietary company records that the hackers didn’t steal and by tapping the resources of an outside data provider. According to the company, the 2.4 million U.S. consumers were not previously identified as being impacted by the cyberattack.
The information was partial because, in most of the cases, it didn’t include consumers’ home addresses or the state their driver’s licenses were issued. Nor did it include the dates the license was issued or the expiration dates, Equifax said in the release. “This is not about newly discovered stolen data,” said Paulino do Rego Barros Jr., interim chief executive officer, in the press release. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers and making connections that enabled us to identify additional individuals.”