In the summer of 2017, a data breach occurred at Atlanta-based credit bureau Equifax affecting the records of more than 140 million consumers in the United States. The company announced the incursion in September, arguably one of the largest such breaches in history at the time, giving hackers access to private information—names, Social Security numbers, dates of birth, credit card numbers, even driver’s license numbers.
Into that scene, WashU Olin alumnus Paulino do Rego Barros Jr. stepped as the company’s interim CEO, charged with managing the fallout from the situation. Employees were scared as they faced furious backlash—even threats from consumers. Systems were overloaded as consumers flooded the firm’s call centers and websites. “The building was on fire,” do Rego Barros said.
In this episode, we examine the steps he and his colleagues took to confront the situation and begin to restore trust among consumers, customers, regulators and policymakers. While avoiding the regulatory and legal issues—these won’t be relitigated in this episode—we focus on three primary decision points: Engaging with employees, engaging and reassuring consumers (e.g., individuals), and doing the same with customers (e.g., banks and other institutions).
The subject remains topical today as companies and institutions continue to be vulnerable to data breaches that expose private consumer information. What decisions had to be made in the immediate aftermath of the breach? What were the implications? How does a business re-establish trust with customers under those circumstances? Then, once the immediate fire is quelled, how do you propel the business into a better place?