Ben DiPietro, The Wall Street Journal’s Risk & Compliance Journal, September 19, 2017

The hack of personal information of around 143 million people has put credit-monitoring service Equifax Inc. in the crisis bullseye. Hackers swiped Social Security numbers, birth dates, addresses and driver’s license numbers, leaving consumers trying to figure out their next moves—and unhappy with how Equifax was handling the situation. The breach is under investigation by the Federal Bureau of Investigation, Federal Trade Commission and several states.

Equifax issued a statement on Sept. 7 notifying the public about the breach—weeks after it said it first learned of the incursion. It issued ‘updates’ on Sept. 8, Sept. 11, Sept. 13, Sept. 14 and Sept. 15, the last one announcing the retirements of its chief information officer and chief security officer. Bloomberg reported that three executives sold stock days after the company learned of the breach, but NPR reported that Equifax said, in a statement not posted on its website, that the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.” The company’s chief executive, Robert F. Smith, said the incident is “the most humbling moment in our 118-year history” and promised changes.

The experts evaluate how well Equifax has handled its crisis communications.

Davia Temin, chief executive, Temin and Co.: “Just terrible. Equifax’s public response to its breach affecting 143 million Americans remains one of the worst yet, serving only to exacerbate the crisis–and the company took over a month to plan it. It made pretty much every crisis communications gaffe in the book, systematically destroying public trust with every move.

“Equifax completely and purposefully understated the problem. ‘This is clearly a disappointing event for our company…’ the CEO said. Disappointed? Really? What about devastated? What about disconsolate? What about abjectly sorry? Second, it included its marketing brand message in its announcement: ‘We pride ourselves on being a leader in managing and protecting data.’ This set up an internal comparison between what it promises in its marketing and what just happened. ‘Proud?’ It should be ashamed. This simply served to magnify its fail–and the company’s complete cluelessness as to what it was about to unleash.

“The utter stupidity of Equifax appearing to pull a fast one on the American public by tying its acceptance of an offer for a year of free credit monitoring to the waiving of one’s right to a trial and mandating the use of arbitration is stunning. Only after a huge public outcry and the involvement of New York’s and other states’ attorneys general did it amend the offer to include a ‘write-us-within-30-days-to-opt-out’ clause. No matter what its ‘clarification’ noted, it was far too little, too late. What could have been a one-day killer of an announcement…has turned into a category 5 debacle for Equifax.”
