The Long Tail of The Equifax Hack
Equifax is back in the news. Again. Last September, Equifax announced to the world that it had been hacked, compromising roughly 143 million U.S. customers’ credit card numbers, Social Security Numbers, and birth dates. Retirements of the CIO, CISO, and CEO followed. Equifax’s breach led the news for weeks and now it’s back again.
Equifax, in late February, admitted that an additional 2.4 million customers had their names and drivers’ license information accessed in the hack. The Equifax breach, purported to be the most expensive in history, is reported to have cost more than $439 million to date, but that’s just in dollars and cents. What about the material impact of this slow-drip of bad news?
More Bad News
Equifax is just the next in line of the slow-drip breach news phenomenon. In this case, Equifax has suffered from the impacts of separate but powerful news stories that have kept it firmly in the news: the initial breach announcement, the “retirement” of its CIO, CISO, and CEO, Senate hearings, and now a new finding of 2.4 million additional affected customers.
Yahoo! Also experienced an onslaught of slowly leaking news hits as it learned and shared about the impact of its hack. In Yahoo’s case, two major hacks at different times affected three million users. While Equifax earned the honor of the most expensive hack, Yahoo! owns the largest hack to date. However, both companies have experienced the excruciating flow of bad news.
What Should You Do
Breaches may be inevitable, but there are clear preparations and actions a company can take to best manage the ever-present, 24-hour news cycle.
Take ownership. Uber made many mistakes in the handling of its 2016 hack – most glaringly not sharing the news with its leadership, board, or the public at the time of the hack. When it finally did go public, the new CEO took responsibility.
Don’t be shady. Uber, in its shadiness, further exemplified how not to manage a hack. Part of why Uber’s story stayed in the news wasn’t so much that there was a hack but rather that Uber tried to cover it up. They paid off a hacker. They didn’t tell anyone. They assumed they’d get away with it. As soon as it came out, this was fodder for the news providers.
Be proactive. Every company can and should prepare for the inevitable breach not just in terms of its response plan but also specifically in terms of its crisis communications preparedness. The 24-hour news cycle is real, and the steady news drip is dangerous to any organization’s reputation.
Are you prepared to combat both a hack and its aftermath? Learn how to manage your own potential crisis from the top down with N2K’s Cyber Resolve cyber risk training for executives.