Equifax Flunked Index Provider’s Cybersecurity Test A Year Ago

Patterson Belknap Webb & Tyler LLP

A financial index provider foretold the Equifax Inc. data breach more than a year ago, warning that the rating agency “is vulnerable to data theft and security breaches.”

In an August 2016 report, MSCI Inc. – which selects index stocks based on its analysis of a company’s performance on environmental, social and governance issues – concluded that “Equifax shows no evidence of data breach plans or regular audits of its information security policies and systems.”

“Equifax’s data security and privacy measures have proved insufficient in mitigating data breach events,” MSCI cautioned.  “The company’s credit reporting business faces a high risk of data theft and associated reputational consequences. The 2016 breach of tax and salary data of 431,000 employees’ belonging to its key client (Kroger’s) is a key example of this risk materializing”

MSCI assigned a “zero” score to Equifax’s privacy and data security on a 10-point scale and downgraded the company to its lowest rating.

News of the MSCI warning surfaced last week after the credit reporting agency’s former CEO, Richard F. Smith, spent three days testifying in Washington, D.C. before four separate congressional committees. 

While Mr. Smith’s week in Washington was punctuated by angry lawmakers grilling him about the company’s lack of cyber hygiene – interspersed with frequent apologies from Smith – the former CEO did confirm the root cause of the breach which exposed the records of more than 145 U.S. consumers. In his testimony, Smith referred to “an individual” in the company’s IT department who failed to follow security warnings and did not ensure that a software vulnerability was patched.  The company previously disclosed that the breach was due to an unpatched software flaw but Smith said “human error and technology failures” were to blame.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.