Equifax says it's spent $200m on security since the breach, so everything's OK now

It's been a year since Equifax doxed the nation of America through carelessness, deception and greed, lying about it and stalling while the problem got worse and worse.

In the year since, they've invested more than $200,000,000 in security, according to their new CSO, Jamil Farshchi, who comes from NASA and JPL and seems to know his stuff. Farshchi's work is being overseen by outside auditors appointed by eight states that entered into consent orders with the company.


This all sounds very good and all, but it's still monumentally unfair. The penalty for Equifax's recklessness should have been the corporate death penalty: charter revoked, company shut down, assets sold to competitors.

Not that Equifax's competitors are any better at security, but they have not (as far as we know) set in motion the ruination of millions of lives. And had Equifax's investors been wiped out by its malfeasance, every one of Equifax's competitors would have been held to serious account by their own investors, who wanted to avoid Equifax's fate.

Moreover, Equifax's responsible execs should have been held personally liable on both criminal and civil counts. The fact that Equifax's investors and execs kept all the money they made by risking all America with shoddy security, and that no one went to jail for a monumental act of corporate recklessness, is a moral hazard, virtually guaranteeing that Equifax's competitors will not take the care they owe to the people on whom they have amassed nonconsensual, potentially life-destroying dossiers.

Equifax says that the transformation process is a long-term commitment to doing things differently, and letting the results speak for themselves. "It's important for people to understand the seriousness with which we're taking our remediation efforts, the investments that we're making in data security, and the seriousness with which we see our obligation to the data that's been entrusted with us," Houston says. "We have to continue to deliver, and then when we deliver on what we promise, that's when we will rebuild the trust."

For the 147 million Americans impacted by the breach, all of Equifax's improvements and reforms are likely small consolation. But at least the company has made strides toward minimizing the chances that it happens again—and being better prepared to react if it does. "No matter how much you invest, how great your people are, any organization nowadays can be breached," says Farshchi. And no one knows it better than Equifax.

Equifax's Security Overhaul, a Year After Its Epic Breach [Lily Hay Newman/Wired]