[Letterhead of Equifax Inc.]
September 24, 2012
Via EDGAR and ELECTRONIC MAIL
Mr. Larry Spirgel
Assistant Director
United States Securities and Exchange Commission
Division of Corporate Finance
100 F. Street, N.E.
Washington, D.C. 20549
Re: Equifax Inc.
Form 10-K for the Fiscal Year Ended December 31, 2011
Filed February 23, 2012
File No. 001-06605
Dear Mr. Spirgel:
Below please find the response of Equifax Inc. (the “Company”) to the comment of the staff (the “Staff”) of the United States Securities and Exchange Commission (the “Commission”) set forth in your letter dated September 7, 2012 to the Company. For the convenience of the Staff, the Company has restated the comment in italics.
Form 10-K for Fiscal Year Ended December 31, 2011
Risk Factors, page 15
Security breaches and other disruptions to our information technology …, page 17
1. We note you disclose that disruptions to your information technology networks and infrastructure may be vulnerable to damage, disruptions, or shutdowns due to various events, including cyber attacks and other security breaches. If you have experienced any cyber attacks, security breaches or other similar events in the past, in future filings, beginning with your next Form 10-Q, please confirm that you will state that fact in order to provide the proper context for your risk factor disclosure. Please refer to the Division of Corporation Finance's Disclosure Guidance Topic No. 2 at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm for additional information.
Company Response:
The Company will modify its risk factor disclosure in subsequent filings, beginning with the next Form 10-Q for the quarter ended September 30, 2012, to reflect the Staff’s comment, substantially as indicated in the underlined language below:
Security breaches and other disruptions to our information technology infrastructure could interfere with our operations, and could compromise Company, customer and consumer information, exposing us to liability which could cause our business and reputation to suffer.
In the ordinary course of business, we rely upon information technology networks and systems, some of which are managed by third parties, to process, transmit and store electronic information, and to manage or support a variety of business processes and activities, including business-to-business and business-to-consumer electronic commerce and internal accounting and financial reporting systems. Additionally, we collect and store sensitive data, including intellectual property, proprietary business information, the proprietary business information and personally identifiable information of our customers, employees, consumers and suppliers, in data centers and on information technology networks. The secure operation of these networks and systems, and of the processing and maintenance of this information, is critical to our business operations and strategy.
Despite our substantial investment in security measures and business continuity plans, our information technology networks and infrastructure or those of our third party vendors and other service providers could be vulnerable to damage, disruptions or shutdowns due to attacks by hackers or breaches due to employee error or malfeasance, or other disruptions during the process of upgrading or replacing computer software or hardware, power outages, computer viruses, telecommunication or utility failures or natural disasters or other catastrophic events.
We are regularly the target of attempted cyber and other security threats and must continuously monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. Although we have not experienced any material breach of cybersecurity, if one or more of such events occur, this potentially could compromise our networks and the information stored there could be accessed, publicly disclosed, lost or stolen. Any such access, disclosure or other loss of information could subject us to litigation, significant losses, regulatory fines, penalties or reputational damage, any of which could have a material effect on our cash flows, competitive position, financial condition or results of operations. Our property and business interruption insurance may not be adequate to compensate us for all losses or failures that may occur. Also, our third party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention.
We hope that the foregoing has been responsive to the Staff’s comments. If you have any questions related to this letter, please contact me at (404) 885-8045.
* * * * *
The Company hereby acknowledges that:
| · | The Company is responsible for the adequacy and accuracy of the disclosure in the filing; |
| · | Staff comments or changes to disclosure in response to Staff comments do not foreclose the Commission from taking any action with respect to the filing; and |
| · | The Company may not assert Staff comments as a defense in any proceeding initiated by the Commission or any person under the federal securities laws of the United States. |
* * * * *
| Sincerely, | |
| /s/Dean C. Arvidson | |
| Dean C. Arvidson | |
| Senior Vice President, Deputy General | |
| Counsel and Corporate Secretary | |
| Equifax Inc. |
| cc: | Richard F. Smith |
| Chairman and Chief Executive Officer | |
| Kent E. Mast | |
| Corporate Vice President and Chief Legal Officer | |
| Lee Adrean | |
| Corporate Vice President and Chief Financial Officer |