We research all brands listed and may earn a fee from our partners. Research and financial considerations may influence how brands are displayed. Not all brands are included. Learn more.

Equifax Is Going to Make Millions Off Its Own Data Breach

Sen. Elizabeth Warren, D-Mass., questions Richard Smith, CEO of Equifax, during a Senate Banking, Housing and Urban Affairs Committee hearing in Dirksen on the company's security breach on October 4, 2017. - Tom Williams—CQ-Roll Call,Inc.
Sen. Elizabeth Warren, D-Mass., questions Richard Smith, CEO of Equifax, during a Senate Banking, Housing and Urban Affairs Committee hearing in Dirksen on the company's security breach on October 4, 2017. Tom Williams—CQ-Roll Call,Inc.

Despite the devaluation of Equifax's stock price and otherwise reputational damage, Sen. Elizabeth Warren (D-Mass) on Wednesday predicted the credit bureau will be just fine.

Why? Because, according to Warren, Equifax is poised to make millions off the recent data breach that compromised the names, social security numbers, driver's license numbers, birth dates, addresses, and credit card information of 145 million Americans. Warren made her prediction during Wednesday's Senate Banking Committee's hearing on the Equifax data breach, where former CEO Richard Smith served as the only witness.

“Equifax is making money—millions of dollars—off its own screw-up,” Warren told Smith during the hearing.

And it turns out, Smith was well aware of the potential revenue opportunities. “Fraud is a huge opportunity for us—it’s a massive, growing business for us,” Warren quoted Smith as saying in August.

Equifax stands to make money off consumers through at least two major ways. The first is its own credit monitoring product. While Equifax has ceased selling credit monitoring directly to consumers after the data breach was announced, the free credit monitoring and identity theft protection Equifax is currently offering right now will only be free for a year, Smith confirmed at the Equifax hearing.

After that, consumers will have to pay for it at the standard rate of $17 a month. So far, over 7.5 million people affected by the Equifax breah have signed up for the free monitoring. Warren calculated that even if 1 million people continue with the monitoring for just one year, Equifax will earn over $200 million in revenue.

Equifax also earns money off a business relationship in place with LifeLock, another identity protection service on the market.

“From the second that Equifax has announced this massive data breach, Equifax has been making money off consumers who purchase their credit monitoring through LifeLock,” Warren said during the hearing.

As part of its offering, LifeLock purchases credit monitoring services from Equifax, according to SEC filings Warren and her staff reviewed. And the company has seen its customer base increase tenfold since the Equifax data breach was announced last month, Warren noted.

“That means someone buys credit monitoring from LifeLock, and LifeLock turns around and passes some of that revenue onto Equifax,” Warren said. Smith noted during his testimony Warren was correct regarding the business relationship. A spokeswoman for LifeLock said Wednesday the company "monitors information from all three major credit bureaus, as well as identity theft information from third-party data sources, and LifeLock’s proprietary ID Analytics network."

And yet while Equifax is making money off the data breach, its potential costs are shockingly low. Consumers can sue the credit bureau, but it’s historically not a lucrative route for recovery. It turns out the average restitution paid out for those that win a lawsuit is less than $2 per consumer, Warren reported.

“Because of this breach, consumers will spend the rest of their lives worrying about identity theft,” Warren said. “But Equifax will be just fine—heck, it could actually come out ahead.”

Warren added that Equifax and the whole industry should be “completely transformed,” saying that executives like Smith and Wells Fargo's Tim Sloan should be held personally responsible and that companies should be forced to mandatory and severe fines when these types of breaches occur.

“We’ve got to change this industry before more people are injured,” Warren said.

Tags