Equifax was financially punished for the breach that allowed the personal data of 145.5 million of its customers to be compromised.
Equifax reported that for its third quarter, ended October 31, it posted a net income of $96.3 million, down 27 percent from the same period in 2016, on sales of $834.8 million which missed analyst’s estimates by about $11 million, according to Reuters. The company credited the income loss to customers that are holding back their business until Equifax can prove its systems are secure.
“As we report our third quarter results, we recognize that we have an important journey in front of us to regain the trust and confidence of consumers and our business customers. Our teams have taken immediate actions to improve our data security and provide improved support for consumers who were impacted by our cybersecurity incident,” said Paulino Barros, Interim Chief Executive Officer at Equifax, in the company’s third quarter financial statement.
Equifax reported it has spent $87.5 million on investigating the breach, legal fees to respond to subsequent litigation and costs to deliver the free product offering made to all U.S. consumers.
The September breach is being blamed on the exploitation of a vulnerability in the open-source server software Apache Struts. Even more damning is the company knew of the vulnerability, but failed to find any problems during two searches of its system that took place prior to the breach becoming public, former Equifax CEO and Chairman Richard Smith told the House Energy and Commerce Committee Subcommittee on Digital Commerce and Consumer Protection.