Repairing Equifax would be easier for new CEO Mark Begor if the massive cyberattack that led to his appointment hadn’t also revived an existential threat to credit bureaus.
Begor, a GE Capital veteran who joined the Atlanta-based company just two weeks ago, assured investors on his first earnings call that Equifax has an “absolute commitment” to securing the sensitive consumer data it possesses, an imperative after a 2017 hack that exposed personal information for nearly half the country.
Equifax has lost 19 percent of its market value since disclosing the theft of identification data including birth dates and Social Security numbers for more than 140 million people in September 2017. The company blamed the loss in part on its failure to fix software flaws despite an alert from the U.S. Department of Homeland Security.
Congressional hearings afterward lambasted former CEO Richard Smith, who stepped down shortly after the theft became public, and examined whether consumers or credit bureaus own the data that such companies collect. How lawmakers answer that question could transform an industry that tracks consumers’ payment histories without their consent, pays them nothing for the data and turns a profit from selling it to lenders.
“We are seeing signs that Democrats and Republicans are concerned about the lack of control consumers have over the ability of companies to collect, store and sell credit histories,” said Jaret Seiberg, a Cowen Washington Research Group analyst who wrote a report gauging the likelihood that Congress might sharply restrict how Equifax and rivals TransUnion and Experian gather and sell such information.
“Unlike other worries over big data, there is an avenue for action on this front as the Equifax data breach provides political cover for Congress to advance changes that otherwise would never see the light of day,” he said. Unlike stolen credit card numbers, which are relatively easy to change, the information taken from Equifax is used to verify the identity of borrowers and is difficult and sometimes impossible to alter.
Privacy concerns ignited by the theft have only been compounded by the subsequent revelation that Cambridge Analytica, a consultant for President Trump’s 2016 campaign, improperly accessed data on some 87 million Facebook users. Critics have said the data, over which Facebook CEO Mark Zuckerberg was grilled in hearings this month, was used to manipulate voters before the election that Trump’s Democrat rival, Hillary Clinton, was widely expected to win.
“The market is under-appreciating just how frustrated Democrats and Republicans are over big data, which means they could turn to radical ideas for credit bureau reform,” Seiberg said.
Already, a banking-regulation bill passed by the Senate earlier this year gives consumers an unlimited ability to freeze and unfreeze their credit reports and excludes some medical debt for veterans.
Beyond that, there’s a 70 percent chance of follow-up legislation in the next few years that might expand consumer control over credit reports, mandating free monitoring of credit scores and requiring consumer approval before their histories are shared for marketing purposes as well as stiffer fines if a credit bureau is hacked, Seiberg said.
Longer-term, three main avenues exist for revising the Fair Credit Reporting Act of 1970 to address data-privacy concerns, Seiberg says. One, reflected in some bills already, is simply allowing consumers more latitude to dictate how their credit histories are used. Another is requiring bureaus to purge data sooner than the existing seven-year limit, and the third is empowering individuals to remove all performance data from the credit bureau’s record.
“More broadly, we hear lawmakers question why credit bureaus even have a right to collect consumer data,” he said. “We have heard this from the far left with Sen. Elizabeth Warren, D-Mass., and the far right with Sen. John Kennedy, R-La.”
Against that backdrop, Equifax is focused on working with the U.S. government and other regulators investigating the attack and becoming an industry leader in protecting information, Begor said.
“We’re being very aggressive about attracting the absolute best talent in the information technology and data security space,” he told investors on Thursday’s earnings call. “We’re investing heavily to ensure we are market leaders around data security, and we will also enhance the transparency of all our transformation efforts with all our constituents, our customers, consumers and the public.”
Equifax tumbled 3.2 percent Thursday after reporting that profit dropped 41 percent to $90.9 billion, or 75 cents a share, in the first three months of the year. Excluding $68.7 million in costs related to the cyberattack and other expenses, earnings of $1.43 a share still topped the $1.37 average estimate from analysts surveyed by FactSet.
The stock fell another 1.4 percent to $114.39 on Friday.
