Ok. Let’s set aside the fact that Equifax fell asleep at the switch and compromised the privacy and financial security of half the nation. Hey, mistakes happen, right? What really blows my mind is the ham-handedness with which they reacted to it. Given the enormity of the problems they created for people, you’d think they would have responded with a modicum of humility, a dose of understanding, some sense of fairness in the way they sought to earn back the public trust. You would think. But no, not this time. Instead of following the fundamentals of good crisis response – timely disclosure, transparency and sacrifice – they chose (oddly) to do the opposite.
They waited too long to disclose – several months passed before anyone outside the company even knew a breach occurred. This was precious time lost for consumers to take action to protect their information and precious time gained for crooks to make their getaway.
They were stingy in their offer of compensation – While the company’s offer of one year’s worth of credit monitoring was the right idea, one year seems paltry when you consider the company’s breach compromised the identity of millions of Americans for the rest of their lives.
Their stingy offer came with strings attached – As if their paltry offer of 360 days of credit monitoring was not enough to blow their credibility, they snuck in legalese in the fine print of their offer that would have prevented anyone who accepted it from taking legal action against them.
It’s hard to imagine a more tone-deaf response to a crisis than this one, and predictably the chickens are coming home to roost at Equifax. The head of IT is gone and now so is the CEO. My guess is that more heads will roll and Congress will step in to do their thing. This breach was bad regardless of how they responded to it, but rest assured, it’s worse because they chose to do the wrong thing.