(FinancialPress)—Confidence in credit-rating giant Equifax Inc. (NYSE:EFX)(NASDAQ:EFX) took a dive this week, as cyber security experts and customers reacted very negatively to the company’s response to a hack that may have swiped the confidential personal details of up to 143 million Americans. By Friday morning, EFX stock had already fallen as much as 18% earlier in the day, and continues to get hit hard.
The hack is now being billed as one of the largest security breaches ever recorded, with the heightened danger coming from the level of confidential details within the information exposed.
According to cyber research experts, the Equifax hack is extremely dangerous, given that the hack likely pulled names, social security numbers, dates of birth, driver’s license numbers, addresses and possibly more.
CYBER SCARES BECOMING COMMONPLACE
Information exposed through security breaches caused by ambitious hackers are becoming more common, and the damages they inflict are becoming worse.
One doesn’t have to look too far back to the recent history of the Sony Corporation (NYSE:SNE) and its Playstation hack from 2011 that left credit card info at risk, or its email hack from 2014, that sent shares of the stock falling 10% in the immediate aftermath to see a company effected by breaches.
However, Sony’s hack involved far less people, and Yahoo’s hack involved far less sensitive information. This Equifax breach could possibly be the worst ever.
Two years ago, Equifax’s larger competitor Experian Plc (OTC:EXPN), reported a data breach that exposed sensitive personal data of approximately 15 million people. Equifax’s breach is expected to hit nearly 10x that amount.
Equifax shares, which had gained 21% this year, were last down nearly 13% at $124.37 after earlier touching their lowest in more than seven months.
Shares of rival TransUnion (NYSE:TRU) were also down 4.3%, while Experian shares were down 0.7%.
Equifax has yet to respond to media requests regarding the criticism of its perceived inadequate response.
Official disclosure of the breach came Thursday, stating that Equifax had discovered it on July 29, and that criminals had exploited a website application’s vulnerability to gain access to the now-breached files.
By late Thursday, Equifax had launched a service to let customers know if they’d been affected, with a confirmation page saying enrollment would begin next Tuesday, with a message stating:
“Please be sure to mark your calendar as you will not receive additional reminders.”
Reports from Twitter users claim that Equifax customer service representatives were not only difficult to reach or unhelpful, and in some cases were even unaware that the breach had occurred.
Critics of Equifax’s response have zeroed in on the breach support website equifaxsecurity2017.com, and the particularly phishing-like domain name. Hackers commonly use similar sounding domains to lure customers into giving more sensitive information away voluntarily.
“Another day, another dumpster fire in cyber security,” said Ryan Kalember, senior vice president of the cyber security firm Proofpoint told Reuters.
Already on deck are two proposed class-action lawsuits: One filed in Portland, Oregon, and another in Atlanta, Georgia. Both lawsuits allege that Equifax had been negligent in protecting consumer data.
A briefing on behalf of Equifax to US lawmakers is expected to take place later on Friday, according to a spokesperson for the House Financial Services Committee.
Equifax stated that hackers had breached the accounts between mid-May and July of this year, and that also some UK and Canadian residents were compromised as well.
Response from Britain’s Information Commissioner’s Office said the security breach “gives us cause for concern.”
ICO’s Deputy Commissioner James Dipple-Johnstone said his office would advise Equifax in order to alert Britain’s affected customers as soon as possible.
“Obviously the size and scope of this breach will likely drive a number of negative headlines for EFX that will weigh on its brand for the foreseeable future,” Barclays (NYSE:BCS) analyst Manav Patnaik commented in a note distributed by the firm.
According to its website, Equifax handles data for more than 820 million consumers and more than 91 million businesses worldwide, as well as manages another database with employee information from more than 7,100 employers.
With a response pending from the official equifaxsecurity2017.com starting next Tuesday, it’s still unknown how far the reach of the damage from the breach will cause. But it’s clear that Equifax’s market confidence has taken a severe hit from this revelation.