Banks, credit card companies, and other Equifax customers squeal. Consumers (the product) squeal. Congress squeals. Investors squeal.

Equifax shares dropped another 16% during the day and after-hours on Wednesday to $97.51. They’ve now plunged 31%, or $44.82, in the four trading days since Equifax confessed that 143 million consumers had their data crown-jewels stolen when it was hacked. The stolen data is perfect for identity theft, such as getting a loan in your name, and tax fraud, such as getting a tax refund from the IRS in your name, with Kafkaesque consequences for you.

Investors, seeing what this might do to the company, have voted with their sell-button. Based on the 120.4 million shares outstanding as of June 30, the four-trading-day loss amounts to $5.4 billion.

The stink has been enormous, with Equifax having to back down from some of its most egregious solutions to this problem, including forcing consumers to give away their legal right to sue in order to sign up for its credit protection services. Buckling under scathing criticism, Equifax rescinded this requirement over the weekend.

Equifax will still try to twist this offer of “free” credit protection into a profit opportunity. Once your social security number, date of birth, and other data that hackers obtained is out there, you’re vulnerable to identity theft for the rest of your life, and you need to protect yourself for the rest of your life. But Equifax is just offering the first year for free, hoping that you’ll continue the service and pay its annual fee for the rest of your life.

Dozens of lawsuits have already been filed. Equifax will be attacked from all directions, including shareholder class-action lawsuits and consumer lawsuits. Congress has gotten interested in it, and two committees are planning hearings.

But the Wall Street hype continues. All 16 analysts tracked by Bloomberg that follow Equifax have either reiterated their bullish rating on the company, or have not altered their rating, and some have exhorted their clients to buy more.

JP Morgan Chase analyst Andrew Steinerman said that based on his conversation with Equifax executives, the financial impact would be isolated to the company’s business-to-consumer segment, which accounts for about 7% of total revenue. Based on the revenue consensus of $3.40 billion for 2017, it would impact only about $238 million in revenue, according to MarketWatch. So no big deal?




Alas, Steinerman also said that he is “somewhat concerned” about the potential impact to the company’s business-to-business segment.

And that’s exactly what’s happening with the big banks and credit card companies, Equifax’s largest customers. They’re buying your data (which makes you the product in this trade). For Equifax, this revenue is now vulnerable. Citing “people familiar with the firms,” the Wall Street Journal, explains their reactions:

Banks and other financial companies are considering the possibility of moving some business away from Equifax Inc. in the wake of its data breach and to some of the firm’s credit-reporting rivals.

Lenders are unlikely to take any immediate action and are seeking more information from Equifax about the hack….

Still, large banks, in particular, have expressed dismay privately that their customers’ information was compromised, that they received no advance warning of the breach announcement, and that they still have little insight into what went wrong, these people said.

Some of it has spilled into the public. On Tuesday, JP Morgan Chase CEO Jamie Dimon – in 2014, his bank had suffered the biggest hack of any financial institution in US history – told a conference that he wants to find out if the hack could have happened to any company or if it was based on something that Equifax didn’t do correctly.

“All that will matter, it’s obviously important,” he said, according to the Journal. “It depends what happened and how it happened, whether they could’ve or should’ve.”

On Monday, Capital One CEO Richard Fairbank explained to a conference who exactly would bear the costs of the hack: “A bunch of our customers are affected,” he said. “It’s going to be costly to them and to us.”

The Journal added:

It is unlikely that financial firms would cease doing business with Equifax altogether. But, as contracts with the company come up for renewal, they might look to shift some of their business to rivals such as TransUnion or Experian PLC, the people familiar with the matter said.

So a loss in revenue and market share in Equifax’s business-to-business segment.

There is another hiccup for Equifax. I have strongly recommended on Thursday, when Equifax announced that hack, that consumers, whether their data was stolen or not, put a security freeze on the three major credit bureaus. A security freeze makes it very difficult for anyone to open a credit account in your name. Here are the details, including links to the three major credit bureaus. Since then, numerous readers have done so. Some have shared their experiences in the comment section.

(You may also consider putting a security freeze on lesser credit bureaus, such as Innovis, as some commenters have pointed out. But they might not yet have your social security number, which would be a good thing. So you’d give it to them unnecessarily; I have no recommendation on this.)

Then the New York Times, the Wall Street Journal, other major media outlets, state attorneys general, radio and TV programs including my interview on WNHN with Arie Arnesen (starts at minute 7:00) have strongly recommended a security freeze on the three major credit bureaus — with the effect that many people have done so, and many more will do so.

For Equifax and other credit bureaus, the reality is this: When millions of consumers put a security freeze on their accounts, credit bureaus can no longer sell this consumer data to financial firms, marketers, promoters, and others. If millions of consumers do this, it adds up to a noticeable loss in revenues. And it would be long-term — because consumers whose data has been compromised will need life-long protection going forward. As a result of this fiasco, and as a result of nearly everyone with a public voice telling consumers to put a security freeze on their accounts, the industry as we know it might finally change.

Here’s what you can do to protect yourself after the hack, and Equifax doesn’t want you to do it. Read… Worst US Consumer Data Hack Ever? Equifax Confesses