Financial company MSCI had warned Equifax a year before its massive data breach that there were signs it wasn’t protecting the data of its millions of customers.
According to a news report in The Wall Street Journal, MSCI reported in August of last year that Equifax wasn’t equipped for the “increasing frequency and sophistication of data breaches.” After poring over the Equifax records, the company said it found zero evidence that the credit scoring company conducted regular cybersecurity audits or provided training to employees on identify risks, nor did they have any emergency plans to handle a data breach or leak. What’s more, MSCI scored a zero for the privacy and security of consumers’ data.
Due to the cybersecurity concerns, MSCI removed Equifax from its stock indices, which evaluate companies based on environmental, social and governance criteria. “If you’re an investor or asset manager and you see these rock-bottom evaluations of Equifax, it had to have given you pause,” Jon Hale, head of sustainability research at Morningstar Inc., told The Wall Street Journal. “This is an instance where ESG analysis was really ahead of the curve.”
The latest revelation comes as Equifax is reeling from its recent disclosure that 145.5 million customers’ personal data, including Social Security numbers, may have been hacked in a cyberattack. Additionally, exposure of 209,000 credit card account numbers was also revealed.
Since the company announced the data breach, its CEO Richard Smith has retired, and inquiries have been launched by every state attorney general and the Federal Trade Commission. Executives at the company appeared before Congress, and more backlash is expected. According to another recent Reuters report, the Consumer Finance Protection Bureau is wading into the matter, looking to use its wide-ranging powers to come down on Equifax.