Andrew Blum, Principal, AJB Communications
Talk about a PR problem! The news media, consumers, Congress, state regulators, lawyers, businesses, Moveon.org and just about anyone else using credit and data has a big beef with Equifax.
It’s pretty hard for a business to truly anger 143 million customers all at once, but Equifax has managed to do just that. And, now, the firm’s Chairman and CEO, Richard Smith, is the first top casualty of the crisis, albeit with his $18 million pension still intact.
When Equifax announced on Sept. 7 that hackers had stolen social security numbers and other personal information of as many as 143 million Americans, it set off a firestorm and a lot of questions and concerns:
Who is Equifax? Why do they have all my personal information to begin with? Why can’t they safeguard it? What will they do to make me whole? Why didn’t they tell me as soon as this happened?
To say Equifax handled the PR fallout poorly is to woefully underestimate how bad it was. First, they are the ones that not only are supposed to safeguard information, but that data is used for a wide range of decisions impacting consumers based on their credit ratings. And now crooks have the personal information to use and sell – forever.
This is not like having one credit card used by a thief. There you call the card company and get a new card; here the crooks can use your information to set up a bunch of accounts and use your name and your credit.
Ron Lieber, “Your Money” columnist for The New York Times, who has been leading the media charge on the story, says he hasn’t seen one thing “that’s gone right in the wake of this breach, and in my 12 years of writing personal finance columns, I can’t recall any consumer transgression this widespread and potentially consequential.”
As a result of the Equifax breach and its horrible response to customers looking for answers and help, Congress called for hearings, state regulators are looking at regulating credit reporting agencies, lawyers have filed at least 23 class action lawsuits against the company, businesses have joined consumers in suing and Moveon.org has a petition out to the major agencies asking for credit freezes to be free from all three.
Lieber, in one of several columns on the breach, joked that, nobody appointed him vp-customer service for Equifax, “but somebody had to do the job.”
“Equifax is now a company desperately in need of some kind of public face,” Lieber wrote, “— a human being who can apologize in an unscripted manner.”
It’s not just the national media. Kevin Riley, the editor of Equifax’s hometown paper, The Atlanta Journal-Constitution, wrote in an op-ed that the company flubbed its initial steps in sharing the news.
“Consumer advocates were enraged at how the company informed the public, releasing the news at the end of the day when it’s less likely to make the news,” Riley wrote, “— and more than a month after the company learned of the breach.”
Then it tried to lock consumers into binding arbitration. The company then revised its plans. But Riley says then former Georgia Gov. Roy Barnes and a team of lawyers filed a lawsuit against Equifax, one of the many suits filed around the country.
Riley says since Equifax deals routinely in highly sensitive information, it should have been prepared for this. “So for the sake of our economy, and for Atlanta, Equifax better find a way out of this mess and figure out how to avoid future breaches.”
Despite all the hue and cry over the breach and bad PR response, there is a fear that Equifax, like many companies caught doing bad things are like Teflon and won’t be punished enough. According to a recent Bloomberg News story, it is estimated that Equifax may end up only paying $1 per person in penalties.
Time will tell about that. In the meantime, the 143 million victims are waiting.
The only good thing to come out of this is that Equifax can be taught in PR and journalism classes as a case study of what not to do in a crisis.