Stephen Gandel, Columnist

Equifax Can't Protect Data, But It Can Keep a Secret

A delay in disclosing its enormous hack only compounds its management failure.

October 3, 2017 at 6:58 PM UTC

Stephen Gandel is a former Bloomberg Opinion columnist covering banking and equity markets. He was previously a deputy digital editor for Fortune and an economics blogger at Time. He has also covered finance and the housing market.

1507053017_GettyImages-857114846 — Photographer: Chip Somodevilla/Getty Images

Provide news feedback or report an error

Site feedback:

Take our Survey

This article is for subscribers only.

Equifax, as everyone knows now, proved inept at securing the most sensitive personal and financial data of as many as 143 million Americans. But it turns out the company was exceptionally good at protecting news of the hack from getting out.

The credit-reporting bureau was, it seems, able to keep that news from top executives, the board and eventually the public for far longer than other corporate victims. LinkedIn confirmed a 2012 hack just three days after the social network found out about it. Target confirmed its huge hack in 2014 seven days after it was discovered, and a day after rumors, spread by cybersecurity bloggers, had begun circulating that the retailer's customers' credit card information had been breached. At Equifax, however, the company was able to keep that information safe from the public for 39 days. And you say former CEO Richard Smith isn't deserving of a $7.6 million stock bonus?