Equifax Inc.’s insurance against cyber breaches is likely inadequate to cover the credit-reporting company’s costs tied to one of the biggest hacks in history, according to people familiar with the coverage.
The company holds a policy that would probably cover about $100 million to $150 million, with costs shared by carriers in the London market and elsewhere, said the people, who asked not to be identified discussing a private contract. Though Equifax’s eventual expense may not be known for years, it could be multiples higher than the insurance payout, given what the company has disclosed and the costs at hacking victims like Yahoo and Target Corp., they said.
“Equifax carries cybersecurity, crime, general-liability and other lines of insurance, and we have begun discussions with our carriers regarding the incident,” a spokesperson said by email Saturday, without commenting further.
The company has offered free credit-monitoring to victims after reporting Thursday that a breach affected 143 million people, revealing Social Security numbers, drivers license data and birth dates. The Atlanta-based company now faces multiple state and federal investigations, and a proposed multibillion-dollar class action lawsuit was filed against Equifax. In its annual report, the company addressed the limits of its insurance protection tied to cyber risks.
‘Risk Retention’
“Our property and business interruption insurance may not be adequate to compensate us for all losses or failures that may occur,” Equifax said in the filing. “Also, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention.”
Equifax dropped 14 percent in New York trading Friday. The company is one of the three major bureaus that maintain databases of consumers’ credit status, payment history and address information. The same banks that furnish much of the bureaus’ credit data also use it to make lending decisions.
Beazley Plc, which has been expanding offerings to protect clients against cyber risks, is the lead insurer for Equifax, according to two people familiar with the contract. A representative for the London-based insurer declined to comment.