Equifax

On July 29, 2017, Equifax discovered a massive data breach that had been ongoing since mid-May 2017. This breach involved the personal information of approximately 147 million Americans, including names, social security numbers, birth dates, addresses, and in some cases, driver's license numbers. It became one of the largest and most significant data breaches due to the sensitivity of the stolen data and the number of people affected.

On September 7, 2017, Equifax publicly announced that it had been the victim of a data breach affecting 147 million Americans. This revelation came six weeks after the company discovered the breach. The delay in public disclosure led to significant public and governmental scrutiny, questioning Equifax's handling of the breach and its communication process.

On September 14, 2017, former Equifax CEO Richard F. Smith issued an apology to Congress, admitting that Equifax had mishandled the breach. Smith's testimony addressed the delays in public notification and the inadequate measures that had been in place for the protection of consumer data. The breach's scale and Equifax's response drew criticism from lawmakers and regulators.

After the massive data breach was revealed, Richard F. Smith retired as chairman and CEO of Equifax on October 2, 2017. His resignation was part of the company's efforts to address the fallout from the breach, which included public outrage, multiple lawsuits, and investigations by regulatory bodies. Paulino do Rego Barros Jr. was appointed as interim CEO.

On July 22, 2018, Equifax disclosed more details about the 2017 data breach, acknowledging that additional personal information of millions of people, such as email addresses and partial driver's license information, had been compromised. This revelation came as Equifax worked to rebuild trust and enhance its cybersecurity efforts. The ongoing fallout from the breach continued to affect the company.

On September 7, 2018, Equifax agreed to a settlement with state regulators over its 2017 data breach. The settlement included a consent order signed with eight states mandating improvements in Equifax's data security practices. The efforts to comply with regulations aimed to prevent further breaches and address the systemic failures that led to the previous vulnerabilities.

On July 22, 2019, Equifax announced a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states, worth up to $700 million over the data breach that exposed sensitive information of 147 million people. The settlement required Equifax to provide affected consumers with free credit monitoring and identity theft protection along with other forms of redress.

On July 22, 2020, Equifax's former Chief Information Officer Jun Ying was sentenced to four months in prison for insider trading. Ying sold stock in Equifax after learning of the data breach before it was publicly announced, making nearly $1 million in profits. This was part of the broader scrutiny and legal action faced by Equifax executives in the wake of the data breach scandal.

On September 30, 2020, Equifax launched a new cloud-based platform, combining data analytics with artificial intelligence to provide advanced workforce insights. The platform aimed to assist businesses in optimizing their workforce talent and resources, aligning with Equifax's strategic focus on data services and innovation after its 2017 data breach to strengthen its market positions.

On November 1, 2021, Equifax acquired Health e(fx), a provider of Affordable Care Act compliance software, marking a strategic move into healthcare-related data services. This acquisition was aimed at expanding Equifax's capabilities in workforce management solutions and diversifying its portfolio beyond credit reporting to mitigate the impact of past breaches on its core business.