Hynes & Hernandez LLC was part of the litigation team that prosecuted claims on behalf of Equifax Inc. (“Equifax”) against certain of Equifax’s current and former officers and directors for breaches of fiduciary duty arising out of Equifax’s massive 2017 data breach.
The terms of the settlement included: (1) the Defendants’ agreement to cause their insurers to pay to Equifax the sum of thirty-two million five hundred thousand dollars ($32,500,000); and (2) Equifax’s adoption and/or maintenance of numerous corporate governance and internal control reforms.
Among other things, these corporate governance reforms included:
• Equifax’s compensation clawback policy was revised to add a financial and reputational harm standard;
• The Board eliminated payments totaling approximately $2.8 million under the Company’s 2017 Annual Incentive Plan for certain members of the senior leadership team;
• The Compensation Committee approved a cybersecurity metric as part of the 2018 and 2019 Annual Incentive Plans. Achievement of this metric cannot increase compensation, but failure to meet it will decrease any award;
• The Technology Committee Charter was revised to add responsibilities related to cybersecurity and technology related risk management, state that all Committee members must be independent, provide for executive sessions with relevant corporate officers, authorize engagement of outside advisors, and review escalation protocols with respect to reporting of cybersecurity incidents to management, the Committee, and the Board;
• The Technology Committee Charter and Audit Committee Charter were revised to provide that the Committees coordinate to oversee risk management with respect to cybersecurity and hold joint meetings as appropriate;
• Equifax enhanced its training program for all employees, in particular in the areas of security and compliance. Equifax has increased the number of individuals in its security organization; and
• Equifax has implemented a new Enterprise Risk Management (“ERM”) framework. Equifax established a new Risk Office, with a direct line of communication to the Board, to enhance and coordinate the second line of defense under the Company’s updated ERM framework. Equifax created an ERM team within the Risk Office.