Under-fire credit agency Equifax has seen profits tumble 27% year-on-year and costs spike by tens of millions during the previous quarter following a major data breach at the company revealed in September.
Third quarter profits stood at $96.3m, down over a quarter from the same period in 2016.
However, costs associated with the massive data breach earlier in the year reached $87.5m: $55.5m in “product cost”, $17.1m in professional fees and $14.9m in consumer support.
It clarified in a statement:
“Expenses include costs to investigate and remediate the cybersecurity incident and legal and other professional services related thereto, all of which were expensed as incurred.”
The bad news is not over for Equifax. The firm claimed to have incurred $4.7m in costs as a result of offering free credit file monitoring and identity theft protection to all US consumers. However, this will soon rise to between $56m and $110m, the firm claimed.
Despite the major disruption to its business, Q3 revenues went up 4% to reach $834.8m, although this was below its previous forecast of 6%-7% growth.
Equifax claimed Q4 revenue would also be down by 3%-4% thanks to the breach and subsequent costs.
The stats will be yet another reminder of the high price organizations must pay for cybersecurity failings that lead to serious data breaches.
Equifax has been widely criticized for its incident response following the breach, but the firm also admitted that a failure to patch a known web app vulnerability in its US online dispute portal.
The software flaw in Apache Struts was identified and disclosed by US CERT in early March 2017, and Equifax claimed it “was aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure”.
However, the bug apparently remained unpatched until it was spotted again after the firm investigated “suspicious network traffic” in July.