BankThink

Equifax mismanagement extends to damage control

Complimentary Access Pill
Enjoy complimentary access to top ideas and insights — selected by our editors.

Equifax’s crisis communications strategy dealing with its security hack has been an epic fail. And the credit reporting giant continues to make the situation worse.

The story of the security hack at Equifax is well-known. The breach lasted from mid-May through July of this year with hackers obtaining the personal information of 143 million people. This information included people’s names, Social Security numbers, birth dates, addresses and driver’s license numbers. Compounding the problems for Equifax, three officers of the company sold stock shares worth a combined $1.8 million just before the breach was detected.

Successful crisis communications requires:

Being proactive. In this Equifax failed as it waited six weeks before revealing the hack. This delay has raised questions of why did they wait and raised suspicions of a cover-up.

Equifax logo
A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Sept. 8, 2017. The dollar fell to the weakest in more than two years, while stocks were mixed as natural disasters damped expectations for another U.S. rate increase this year. Photographer: Michael Nagle/Bloomberg

This was worsened by the revelation that company officers had sold stock just before the detection. Had the company got out in front of the story, particularly during the slow news period of August, it would have earned kudos for being honest and would have drawn less coverage than it is now when reporters and the public are back from vacation.

Transparency. When a crisis hits, it is essential to be transparent, which means getting the good and the bad out. Again, Equifax failed in this regard. The full story has been coming out slowly with each day a new revelation. The latest is that Equifax did not implement a security patch in March that could have prevented the hack.

Empathy. During a crisis, it is critical to show empathy towards those who have been affected. Equifax has done the opposite. Rather than getting its CEO out as the face of the company who could express empathy and apologize for what has happened, the company has hidden behind press releases. Its offerings to help victims have fallen far short, as illustrated by the fine print designed to avoid litigation. The company and its employees have been tone deaf. This goes all the way to employees in the company’s call centers who have been reported to be rude and flippant to consumers.

Social media. Social media drives narratives. Equifax seems to have overlooked this fact. It was acting on social media as though no crisis was at hand, immortalized by its infamous tweet the day the scandal hit of “Happy Friday."

The final aspect of successful crisis communications is making sure such an issue will never happen again. In this, too, Equifax has failed.

So, what should the company do now?

Get all the information out immediately. No more slow drip.

Have the CEO become the face of the company, offer a sincere apology and address all stakeholders — consumers, vendors, policymakers, stockholders and employees.

Offer a solution on moving forward.

Equifax has failed crisis management 101. Until it takes corrective measures the company will continue to suffer and offer an example of what not to do during a crisis.

This article originally appeared in PaymentsSource.
For reprint and licensing requests for this article, click here.
Data breaches Digital payments Credit reporting Equifax PayThink Conference
MORE FROM AMERICAN BANKER