Kevin Lamarque | Reuters
Richard Smith, former chairman and CEO of Equifax Inc., testifies before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, U.S., October 3, 2017.
“There’s no question that the silver lining in the Equifax data breach is that it woke up a lot of people to the fact they need to take action,” said Matt Schulz, chief industry analyst at CompareCards.
While the cyberattack at Equifax wasn’t the first major breach at a U.S. company, it was different in that the revealed data included far more identifying information — and consumers did not willingly share any of it with the company. Like other credit reporting firms, Equifax collects and compiles consumers’ personal data from various sources to create credit reports and calculate credit scores.
“Protecting the data entrusted to Equifax is the company’s top priority,” an Equifax spokesperson said in an emailed statement to CNBC, pointing to the variety of security, operational and technological improvements the company has made and the $200 million increase this year in its spending on those aspects of its business.
A year ago, the public outcry over the breach led to days of congressional hearings, government investigations and class-action lawsuits. Equifax’s CEO and other top executives resigned after the breach as the company bungled its way handling the crisis: It accidentally sent consumers to a phishing site, consumers had problems signing up for its free credit-monitoring service, and it initially included a mandatory arbitration clause (meaning no class-actions) for anyone registering for that service.