Risk Management

ISS Urges ‘No’ Vote on Five Equifax Directors

The proxy adviser says members of Equifax's technology committee should be held responsible for may be the most costly data breach in corporate his...
Matthew HellerApril 16, 2018

Proxy adviser Institutional Shareholder Services has recommended that Equifax shareholders not re-elect the company’s chairman and four other board members who served on its technology committee before what may be the most costly data breach in corporate history.

ISS said in a note to institutional investor clients that the five directors “had clear lines of responsibility for risk management related to technology security.”

The massive data breach and Equifax’s slow response, ISS added, “suggest a failure to adequately oversee some of the most significant risks facing the company.”

The credit reporting bureau recently disclosed it expects to incur another $275 million this year in costs related to the hack, bringing the total to $439 million through the end of 2018. Some experts predict the final bill will exceed $600 million.

Ten board members are up for re-election at Equifax’s annual general meeting on May 3. The five who ISS is recommending that shareholders vote against include Chairman Mark L. Feidler, G. Thomas Hough, John A. McKinley, Elane B. Stock, and Mark B. Templeton.

Hough, McKinley and Templeton were also on the audit committee at the time of the breach. Feidler has been on the board since 2007.

ISS’ recommendation follows a similar move last week by an adviser to union pension funds that own shares in Equifax.

“[T]he board’s failure to provide adequate oversight over a critical component of the company’s business operations has left shareholders with little option but to vote against directors McKinley, Templeton, and Feidler’s re-election to the board due to their long-term membership on the technology committee and failure to discharge their duties,” CtW Investment Group said in a letter to investors.

The letter noted that the hackers exploited “a known vulnerability brought to the company’s attention by the Department of Homeland Security and for which a patch had been available for two months prior to the hack even taking place.”

An Equifax spokeswoman said the company was confident that shareholders “will recognize the tireless efforts of each of our directors.”