Credit ratings agency Moody's this week revised its rating outlook for Equifax, downgrading it from stable to negative as a result of financial losses stemming from a 2017 data breach. The move marks the very first time Moody's has taken any kind of rating action as the result of financial fallout from a cyberattack.
A summary of the revised credit analysis explains that Equifax's business performance and reputation suffered from the breach, and further notes that the company's cash flow has decreased because of legal and IT expenditures stemming from the incident.
"The negative ratings outlook reflects our concerns that revenue may not grow and free cash flow could remain low for an extended period," the summary states. "The outlook could be revised to stable if we anticipate free cash flow to debt will return to around 10 percent and cybersecurity related investments and risks will abate."
The revision is a direct response to Equifax's May 10 SEC filing, in which the company acknowledged taking a first-quarter financial hit of $690 million, related to losses the company expects to incur from a class-action lawsuit and regulatory fines. In that filing, Equifax estimated that it already has spent roughly $1.4 billion recovering from the breach, which exposed the PII of about 148 million customers.
"We expect 2019 revenue of approximately $3.5 billion," Moody's summary states, regarding Equifax.