Equifax's push to regain public trust calls on companies to work together
At Black Hat, Equifax's chief information security officer talks about how companies need to collaborate on cybersecurity to win back public confidence.
Equifax's chief information security officer discussed public trust at Black Hat on Thursday.
If you don't trust Equifax, the company is willing to bet you will soon. At the Black Hat cybersecurity conference on Thursday, Jamil Farschi, Equifax's chief information security officer, described how a company could regain the public's trust, just 17 days after Equifax reached a multimillion dollar settlement with the US Federal Trade Commission and others over a huge 2017 data breach.
The credit-monitoring company agreed to pay at least $650 million in a deal with the FTC, the Consumer Financial Protection Bureau, 48 states, Washington, DC, and Puerto Rico. In 2017, Equifax suffered one of the largest data breaches in history, with hackers stealing sensitive data on as many as 147.7 million Americans.
Equifax's former CEO, Rick Smith, blamed the hack on a single employee who failed to patch a server vulnerability Equifax had been warned about four months prior to the breach. And two former Equifax executives have been convicted of insider trading for dumping company stock before the breach was made public.
Equifax hired Farschi in February 2018, and at last year's Black Hat cybersecurity conference he told CNET it would take Equifax three years to win back the public's trust. With two years to go, Farschi said Thursday that Equifax could turn the tide in its favor if all companies were working together on cybersecurity.
The Equifax CISO discussed how companies need to cooperate to ensure public trust, arguing that when one company is breached, it affects the entire industry.
"All of us collectively have the opportunity to excel," Farschi said. "We can work together. I think we can turn the tide as a collective group."
Since the settlement in July, public trust of Equifax has been shaky. It didn't help when the FTC encouraged people affected by the breach to choose free credit monitoring over the $125 cash alternative laid out in the deal. The reason: Equifax set aside $31 million for the cash payment option, which isn't nearly enough to fully pay everyone -- so if you opt for cash, you may get far less than you think.
"Each person who takes the money option will wind up only getting a small amount of money," the FTC said in a blog post in July.
The amount set aside isn't even enough to pay the 4.5 million people who visited the claims page, which is just 3 percent of all the people affected by the Equifax breach.
Despite that, Farschi is optimistic that public opinion on Equifax will turn around. He's led security turnarounds for companies like Home Depot, which in 2014 suffered a hack affecting more than 50 million credit card accounts.
"We can talk about what we want, but when we say something, we have to deliver," Farschi said. "It's that level of action that I think drives the meaningful progress that we've seen."