Equifax and the National Security Threat of Offshoring

By John Miano on September 9, 2017

For the first time, I give stock advice here: Sell Equifax and buy data security stocks, such Symantec, which owns Life Lock. (For the record, I do not trade stocks.)

For years I have warned of the national security threat that offshoring poses. In 2004, I testified before the New Jersey State Senate Budget Committee on the looming data threat from offshoring.

The big offshoring disaster I have warned about may have finally occurred. In July 2017, the credit bureau Equifax discovered that it had compromised the personal information of 143 million customers. Only now is the public finding out about the incompetence at Equifax — incompetence that affects nearly half of all Americans.

By now the first lawsuits seeking class action status have already been filed and there is a good chance that discovery will turn up that Equifax had all kinds of warning signs that something was amiss before the breach.

On Glassdoor one finds this in an employee review:


Completely clueless senior management

Silo development

Extreme amount of the development is being outsourced to save money, so it is done on the cheap and we get developers who have absolutely no experience and no skills. Fully 90% of the work received from the outsourcing groups is of substandard quality to the point of being almost useless. But hey, it was cheap.

Advice to Management

As far as the IT development goes, they need to get some people in there who understand how modern software development is done. The outsourcing groups need to be held to a much higher standard, in all the time that I have been there, I have never seen any software received from an outsourcing group be reviewed by any senior level software engineer. Stop bringing in your cronies from GE who view the IT development as a group of widgets that can be swapped out to India. You are sending all of our intellectual knowledge off to a group of companies that want to take that knowledge and then compete with us overseas.

In a video, former Equifax CIO Rob Webb describes how the company offshores development to the Indian company Infosys:

Over the past five years, Equifax and Infosys have enjoyed an expanding strategic supplier relationship. Infosys has been critical to helping Equifax accelerate innovation, particularly in our direct-to-consumer platforms. Infosys has also helped Equifax reduce our cost through the strategic outsourcing of our application development, maintenance and support. The company demonstrates unparalleled customer-centricity, and we have been extremely pleased with the evolving relationship.

Interestingly, Webb came to Equifax from GE, just as the employee quoted above complained about.

I have emphasized what Infosys was working on because, the New York Times reports:

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants.

The concern about Equifax offshoring data had been raised before. This blog post on the CNN website describes offshoring at Equifax. The author writes:

I'll bet that when given a choice, consumers prefer that their credit and financial data is kept within their country's borders, rather than being transmitted around the globe.

The author concludes with:

That data breach in another country may never happen, but if and when it does, consumers have a right to know — promptly.

It looks like the breach did happen, but the only thing that happened promptly after the breach at Equifax was that senior executives sold their stock. Something is clearly wrong when company insiders are able to sell their stock before the public knows their data has been compromised.