Equifax' (EFX) CEO Paulino Barros on Q4 2017 Results - Earnings Call Transcript

Equifax Inc. (NYSE:EFX) Q4 2017 Earnings Conference Call March 2, 2018 8:00 AM ET

Executives

Jeff Dodge - Investor Relations

Paulino Barros - Chief Executive Officer

John Gamble - Chief Financial Officer

Analysts

Jeff Goldstein - Morgan Stanley

Brett Huff - Stephens

Gary Bisbee - Royal Bank of Canada

Andrew Jeffrey - SunTrust

David Togut - Evercore ISI

Allison Jordan - Cowen and Company

Manav Patnaik - Barclays

George Tong - Goldman Sachs

Shlomo Rosenbaum - Stifel

Tim McHugh - William Blair

Kevin McVeigh - Deutsche Bank

Bill Warmington - Wells Fargo

Andrew Steinerman - JPMorgan

Operator

Good day, and welcome to the Equifax Fourth Quarter 2017 Earnings Call. Today's conference is being recorded.

And at this time, I'd like to turn the conference over to Jeff Dodge. Please go ahead.

Jeff Dodge

Thanks, and good morning, everyone. Welcome to today's conference call. I'm Jeff Dodge with Investor Relations. And with me today are Paulino Barros, Chief Executive Officer; John Gamble, Chief Financial Officer; and Trevor Burns, Investor Relations. Today's call is being recorded. An archive of the recording will be available later today in the Investor Relations section in the About Equifax tab of our website at www.equifax.com.

During this call, we will be making certain forward-looking statements to help you understand Equifax and its business environment. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially from our expectations. Certain risk factors inherent in our business are set forth in filings with the SEC, including our 2017 Form 10-K and subsequent filings.

Also, we will be referring to certain non-GAAP financial measures, including adjusted EPS attributable to Equifax and adjusted EBITDA, which will be adjusted for certain items that affect the comparability of the underlying operational performance.

For the fourth quarter of 2017, adjusted EPS attributable to Equifax excludes, among other things, acquisition-related amortization expense; certain costs related to the cybersecurity incident, including costs to investigate and remediate the cybersecurity incident; legal and professional services; a contingent liability for cost associated with providing free credit file monitoring and identity theft protection services to consumers; and the income tax effects of stock awards recognized upon vesting or settlement and in the recently enacted U.S. Tax Cuts and Jobs Act of 2017.

Adjusted EBITDA is defined as net income attributable to Equifax adding back interest expense, net of interest income; depreciation and amortization; income tax expense and also excluding certain onetime items, including the cost related to the cybersecurity incident. These non-GAAP measures are detailed in reconciliation tables, which are included with our earnings release and are also posted on our website.

Now, I'd like to turn it over to Paulino.

Paulino Barros

Thank you, Jeff, and good morning, everyone. Yesterday, we provided an update on the cybersecurity incident that occurred last year. Let me provide now some perspective. In conjunction with the forensic investigation completed last fall by Mandiant, we concluded that the attack that was predominantly focused on selling Social Security numbers. So, we worked with Mandiant and defined a reasonable and sound methodology that use names and Social Security numbers as the key data elements to identify persons impacted.

As we continued to analyze the data, we were able to identify approximately 2.4 million consumers, whose names and partial driver's license information were stolen, but who were not in the previously identified population. The information was partial because in the vast majority of cases, it did not include home addresses, state of issuance, date of issuance and/or expiration dates.

They were not identified using the original methodology as their Social Security number was not stolen. We use proprietary company records that the attacker did not steal and engaged the resources of external data provider in order to identify these consumers. Additional details on this can be found in yesterday's press release and in our 10-K. Ever since September 7, we have taken and will continue to take steps to reach out and assist consumers and our customers.

Transparency and open communication has been the cornerstone of our efforts following the disclosure. It is with this commitment in mind that we are actively reaching out and we will be offering those additional consumers identity theft protection and file monitoring services at no cost today.

In the 4 months since our third quarter earnings release, we have made substantial progress in the four critical areas of focus I highlighted. I would like to thank our 10,000-plus employees around the world for their tremendous execution and dedication over this period. I would like also to thank our customers and partners for their support as we remediate the cybersecurity incident and restore our reputation.

There will still be a lot of heavy lifting in 2018 and 2019 as we execute our information technology and data security plans, work to regain the confidence of our customers and consumers, work with regulators and state and federal governments and develop new solutions to protect sensitive consumer information in today's rapidly advancing technology ecosystem.

The Equifax teams understands the need for consistent strong execution against our plans over the next 18 to 24-month period with a focus on making Equifax a global leader in information technology and data security and to reestablish Equifax as the innovator in delivering data and analytics-based solutions and insights our customers use to make better decisions.

Fourth quarter financial results from ongoing operations came in better than unexpected both from revenue and cash EPS. Growth cost related to the cybersecurity incident came in about as expected, and we were partially offset by insurance and recoveries in the quarter. John Gamble will walk you through the details of the results, including the net costs related to the cybersecurity incident and the impact of the U.S. tax reform, as well as provide our current view of full year 2018.

We continue to make great progress on the four critical areas of focus we highlighted in our third quarter 2017 earnings call in November. These critical efforts are being closely managed by our transformation office with the support of outside advisors. First, improving consumer support and consumer's ability to understand and control access to credit information.

We believe that the data and analytical service that Equifax provides substantially increases transparency in credit decisions, allowing financial institutions and other businesses to make more informed and timely consumer credit decisions. Equifax believes, in general, this increases access to and reduces the cost of credit to consumers worldwide.

We are committed to work with others in our industry in providing education to help consumers better understand the role we play in the financial ecosystem and provide the technology to help consumer control access to credit information about them. We substantially improved both online and consumer support related to the TrustedID Premier service.

We offer it free to all U.S. consumers, including the free for life Lock & Alert service launched on January 31. We believe both the online and call center support experience will continue to substantially improve throughout the quarter. Through February 23, 97% of the calls were answered in less than 30 seconds and the abandon rate was less than 1%. We will continue to make improvements in the service throughout 2018.

The period in which we offer free credit freezes has been extended through June 2018. Currently, the number of credit freezes are less than 2% of the total U.S. credit file. This level of credit freezes have been relatively stable since mid-November. Lock & Alert was successfully launched on January 31, as we committed last fall. The service we offer is simple and easy-to-use.

A consumer can be seen in front of a lending officer, unlock their Equifax credit report, complete the loan approval process and then lock their report again. The ultimate control for the consumer is facilitating a decision for our product or service the consumer wants when they want it, and without exposing the information to fraudsters or criminals.

We have developed educational material to help consumers understand personal credit information and how they can best protect that information from fraudulent use. The material includes new video content to aid interest and educating, using everyday terms and language the consumer can easily understand. It can be found in our equifax.com website.

We have also integrated social media, including YouTube, Facebook, and Twitter, to facilitate a new, more consumer-friendly conversation. I encourage each of you to try the service.

Second, ensuring we take significant action to protect the consumer and commercial data that has been entrusted to us around the world. We are committed to becoming an industry leader in information technology and information security management, and the plans we have established reflect this goal.

Substantial progress has been made since November, working closely with our partners in four critical areas. A, strengthening IT and data security at the infrastructure network and application layers. Cyber operation has been enhanced to provide broad and redundant network visibility, intrusion protection detection and access monitoring and controls.

At present, we have three redundant teams, two external, executing cyber operations and system monitoring. We are and will continue implementing what we believe are industry best practice in systems. We announced the permanent CISO last week, Jamil Farshchi. He comes to Equifax with great experience from Home Depot, Time Warner, Visa and NASA.

Russ Ayres, our Interim CISO will work with Jamil during a leadership transition period to ensure we maintain consistent in our interactions with customers and regulators. Russ will continue with Equifax in a senior leadership position. I want to personally thank Russ Ayres for his incredible work over the past 6 months.

Work to streamline and simplifying our networks and application infrastructure has extended and accelerated. This initiative will not only enhance our security posture by reducing what is known as the attack surface, but it will also support the rest of product execution. And lower complexity should also enhance our network resiliency and ultimately, lower costs.

Modern processes and structures for the management of the information technology and data security have been and will continue to be refined and is present. We are adopting our robust enterprise risk management framework based on the three lines of defense used by leading financial institutions and in line with the Federal Financial Institutions Examination Council's, FFIEC, framework.

Let me explain this model. The first line of defense is the operational line. The organizational leader, who directly own and manage the risk, in this case, IT and security. The second line of defense provides risk oversight. We are substantially building out a risk office, which will have a direct reporting line to the technology and other committees of the board. The risk office will be responsible for establishing risk frameworks, policy and standards, performing independent risk-based monitoring and testing and independently identifying and assessing material, IT and security risks.

The third line of defense is, as would be expected, our internal audit group, which we will supplement with third-party support. Internal audit working with third-party auditors will audit the effectiveness of second line oversight, as well as doing direct, extended audits of the first line. The technology commission of the board has been tasked with the oversight of IT security and data governance.

The risk office being formed will have independent reporting to the technology committee. Internal audit and certified audit plans and results will be revealed by the technology committee. An outside adviser, currently PwC, will report quarterly to the technology committee on the progress of our enhanced technology and information security governance against plans and will annually provide an overall risk assessment.

Risk escalation process have been revised to support rapid escalation of potential information and data security events, as well as other areas that would possibly require public disclosure and/or the suspension of trading in Equifax securities by executives or personnel. The annual incentive plans for all employees have been revised to include achievement of information technology and data security priorities. Also, the senior leadership team will have additional measurable MBOs tied to information technology and data security.

Enhanced data governance and protection practice are moving forward as well. We have added a Chief Private and Data Government Officer to lead this area and drive consistent practice globally. Our 2018 and 2019 IT and security plans are substantially in place and execution is underway. Third, working with customers and partners to gain their insights reviewed for us and most importantly, solidify our historic relationships.

Transparency into the cybersecurity incident, our response and our overall plans is a continued area of focus. Over the past 4 months, we have significantly extended the path and frequency of detailed customer and partner meetings, both domestic and international. We believe these briefings have provided much greater clarity for both our customers and partners.

In addition to specific customer reviews, multiple whole day group briefings have been held for groups of customers and partner executives and security teams. The meetings have focused on detailed discussions of the incident, where immediate response and most importantly, our mid and long-term information technology and data security plans.

These briefings were led by our business unit presidents, our CISO, our CIO, our Chief Transformation Officer and PwC. And we believe we're very successful as they allowed customers and partners to interact. And we serve not only to improve understanding of our effort, but also to provide our customers and partners with insights that can assist their own IT and data security efforts.

We believe we are making good progress with customers and partners in terms of regaining their trust and their willingness to utilize our new and unique product offerings. As expected, we did see an impact related to these factors on our USIS and Workforce Solutions revenue in fourth quarter 2017. However, we saw this impact lessen as we moved through the quarter and more customers began purchasing new products as discreet services.

GCS revenue was impacted in fourth quarter 2017 to a greater extent than third quarter 2017, and the subscriber base was impacted by churn and the substantial reduction in customer additions. This was expected. And as we stop all direct-to-consumer advertising and gross selling activities in September, customers and partners continue to offer assistance and are collaborating to help us accelerate our IT data security implementations, and we greatly appreciate this partnership.

Fourth, responding to and working with government and other regulatory bodies as they investigate the incident. We are incorporating and working closely with U.S. state and federal regulatory agencies and legislators and several regulatory agencies outside the United States as they continue their investigation of the cybersecurity incident.

We continue to be fully committed to re-earning the trust of consumers and the governmental bodies chartered with protecting those consumers. The 2017 10-K filed last night provides details regarding the legal and regulatory claims against Equifax, generated related to the cybersecurity incident. Due to the very early stage in the process of these claims, we are unable to provide any view of potential outcomes.

As we look to 2018, in addition to their commitment to the four critical focus areas we just discussed, the business units are executing on their critical growth initiatives. Across USIS, Workforce Solutions and International, there are 3 common themes.

First, explaining the impact of analytics, including machine learning through Cambrian Ignite. Two, increasing penetration in the identity and fraud markets. And three, continue to grow solutions that integrate Equifax customers and third-party data sources, utilizing our global interconnect decisioning and IP gateway platforms.

USIS will drive New Product Innovation, NPI, and penetration of existing products through: one, driving Cambrian, Ignite and marketplace solutions across more customers and verticals, including trended data solutions and machine learning-based solutions; two, expanding real estate beyond mortgage to include rental markets and data; third, extending InstaTouch, an InterConnect-based product, across more verticals and customer interaction use case; fourth, driving market adoption of identity verification products, only ID, and other platforms-based products new to the market, late in 2017; and five, increasing market friction of our data-driven marketing solutions.

International had an outstanding year in 2017, particularly with delivering strong NPI-based growth. In 2018, they will drive growth through, one, increasing Cambrian, Ignite based solutions in Canada and Australia, including trended data and machine learning-based solutions, deploying Cambrian throughout Latin America and the U.K. to accelerate their delivery of advanced analytics; two, expanding market penetration in fraud prevention in Australia and Latin America using our global fraud exchange platform; three, building on their success in growing debt management globally, leveraging recent wins in Latin America and Canada; and fourth, building on recent wins in Europe, Canada and Latin America in decisioning solutions based on analytics through Cambrian and our InterConnect platform.

Workforce Solutions delivered yet another strong year in 2017, driving by growth in the verification business. In 2018, they'll continue to drive growth through: one, continued expansion of channel partners and growth of records in verification database, leveraging significant operational improvements in the process of loading records into the database and accessing the database for verifications; two, international expansion of the verification business into Canada and Australia; and third, in Employer Services, expansion of our services in hiring and on-boarding solutions.

The Global Consumer Solution business unit is the most directly tasked with our critical focus on improving consumer support. And the U.S. consumer direct revenue was most significantly impacted by the cybersecurity incident.

In the first quarter 2018, as we launch the new free walk and alert service, we will continue to refrain from direct-to-consumer advertising for U.S. consumer direct-based products. We continue to evaluate the U.S. consumer direct business and will provide an update to you as decisions are made.

As they enter 2018, the GCS team will be focused on: First, continue the launch of Lock & Alert following the launch on January 31 and ensuring the delivery of outstanding service to the users of our TrustedID Premier service; second, improving the overall service levels throughout our worldwide consumer direct business; and third, beating and expanding our successful direct-to-consumer reseller business and our recent ID Watchdog acquisition in the U.S.

In NPI, our New Product Innovation, continue to make strong contribution to our revenue growth. We ended 2017 with 55 new product launches, a 10% vitality index, and the 107 active new product initiatives in the pipeline for 2018. Our current outlook for 2018 is to further build on the success we realized in 2017 and the three drivers with NPI revenue for 2018 included.

InstaTouch, digital ID, IBM fraud, Ignite and Cambrian compliance and connect and a variety of new solutions in the housing and the auto verticals. In 2018, the economic background for the major markets we service each generated favorable. Our expectation in U.S. GDP will be up between 2.5% and 3%. We expect modest growth in consumer credit, excluding mortgage.

Mortgage market inquiries volume is expected to be down double digits for the full year of 2018 as we expect refinancing to be down consistent with 2017, with purchase inquiry volume up strongly. Consumer credit activity is expected to be broadly up across autos, bankcard, retail card, nonrevolving credit and home equity.

Internationally, we are expecting the U.K. and Canada to show slow growth with GDP growth slightly under 2%. Australia is expected to show good growth at around 2.5% with growth in Spain slowing to just under 3%. The strongest growth is expected in Latin America, where our largest countries of Argentina and Chile are expected to see increased GDP growth.

As we have said before, I and the entire Equifax organization apologize to the individuals whose personal information was stolen in the cyberattack, and we apologize as well as to our customers, partners, investors, communities and our seedlings [ph], who were disrupted by the cybersecurity incident at Equifax.

And as I have met with our employees throughout the world, there's a consistent and great commitment to continue to execute on the critical objectives discussed today and last quarter, and to continue to deliver with differentiated products and solutions to our customers based on the industry-leading analytics and unique data assets that allow us to deliver consistent growth and performance over the past decade. They are also committed to regaining the consumer's trust and confidence in how we manage, secure and use information about them.

With that, let me hand it over to John.

John Gamble

Thank you, Paulino, and good morning, everyone. As before, I will generally be referring to the financial results else from continuing operations represented on a GAAP basis. For 2017, additional items excluded from our non-GAAP results are the onetime cost related to the cybersecurity incident and the onetime benefit related to the U.S. Tax Cuts and Jobs Act of 2017. We'll provide details on these two items so you can consider them in your analysis.

In total, in 2017, we incurred nonrecurring costs related to the cybersecurity incident of $164 million. These have been partially offset by insurance recoveries of $50 million resulting in a net nonrecurring charge of $114 million. The $113 million of gross costs were generally for legal, cyber forensic investigations and other professional services related to the investigation of the incident or nonrecurring actions to improve security.

$51 million in accrued and incurred gross expenses related to the TrustedID Premier service we offered free to all U.S. citizens. This represents our estimate of costs to service individuals using the service today. The above costs are offset by $50 million of insurance recoveries for costs incurred to date and for which we have received the cash. We have $125 million of cybersecurity insurance under our E&L policy. We continue to expect to make claims to fully utilize the policy.

In 4Q 2017, the net nonrecurring costs related to the cybersecurity incident were $27 million. This reflected $77 million in gross cost, principally legal and other professional services related to the investigation of the incident or actions to improve security, offset by the $50 million of insurance recoveries, $15 million of which was received in 2017. The $77 million in gross cost were consistent with the guidance we provided in November.

In 4Q 2017, we had $48 million nonrecurring after-tax benefit from the U.S. Tax Cuts and Jobs Act of 2017. This benefit was principally from the remeasurement of deferred tax liabilities at the lower U.S. tax rate, which was partially offset by lower benefit of various foreign tax items. We expect our effective tax rate in 2018 to be approximately 27%. There are still some aspects of the law that needs further clarification and as these become more clear, our expected tax rate could change.

Now let's look at our operating results for the quarter. Total revenue for the quarter was $839 million, up 5% on a reported basis and up 4% on a local currency basis from Q4 2016. For the quarter, FX was an $8 million benefit. Adjusted EPS was $1.39, down 2%. In the quarter, we estimate that the cybersecurity incident negatively impacted total company revenue by just over 3%. This was consistent with the guidance we provided in November. USIS revenue in 4Q 2017 was $313 million, down 1% compared to the fourth quarter of 2016.

We estimate that the impact from the cybersecurity incident for USIS negatively impacted revenue by about 3.5% in the quarter. Online Information Solutions revenue was $211 million flat, when compared to the year-ago period. The decline in mortgage market activity, along with a negative impact of the cybersecurity incident, was partially offset by growth in other online activity, including banking in addition to growth in our ID and fraud solutions.

Total mortgage-related revenue for USIS was down 5% and total mortgage-related revenue for Equifax, including Workforce Solutions, was down less than 1%. This quarter was the first where we did not have the year-over-year benefit from trended data. As before, our performance continues to outpace the overall mortgage market or increase were down approximately 7%.

For the year, U.S. total mortgage related revenue was up 7%. Overall mortgage market increase were down for the year approximately 6%. Financial Marketing Services revenue was $69 million in 4Q 2017, up 1%. Revenue in this segment tends to be project oriented and as such, was more impacted by the cybersecurity incident. As we move through the quarter, performance in the segment improved.

Normalizing USIS revenue for the estimated negative impact of the cybersecurity incident and to a flat mortgage market, USIS revenue growth would have been between 4% and 5%. The adjusted EBITDA margin for USIS was 48.5%, down from 51% in 4Q 2016. The lower margins reflect the revenue decline in 2017.

International revenue was $245 million in 4Q 2017, up 15% on a reported basis and up 12% on a local currency basis. Growth was broad-based and benefited greatly from the new product revenue, which was very strong. Asia Pacific revenue was $79 million, up 12% in U.S. dollars and up 10% local currency.

Europe's revenue was $75 million in 4Q 2017, up 17% in U.S. dollars and 9% in local currency. Both the U.K. and Spain saw strong growth across their credit businesses. Latin America's revenue is $55 million in 4Q 2017, up 16% in U.S. dollars and 19% in local currency.

Growth was again led by our largest countries of Argentina and Chile. Canada's revenue was $36 million, up 18% in U.S. dollars and up 12% in local currency. Canada's growth was broad-based and reflects the strong performance showed throughout 2017.

International's adjusted EBITDA margin was 28.3% in 4Q 2017, down from 30.3% a year ago. The year-to-year was driven principally by litigation accruals unrelated to the cybersecurity incident. Workforce Solutions revenue was $183 million in the quarter, up 6% when compared to 4Q 2016. The cybersecurity incident impacted revenue by approximately 3.5 points and impacted the discrete business of Employer Services and to a lesser degree, that of Verification Service.

As the impact in EWS was more concentrated with government customers, we expect that will extend further into 2018 than with USIS. Excluding this impact, growth in 4Q was similar to 3Q 2017. Verification Services revenue was $126 million, up 11% with auto, consumer finance, government and talent solutions all delivering double-digit growth in the quarter.

Employer Services revenue of $57 million was down 5% versus last year. Employer Services, excluding Workforce Analytics, was down approximately 3%. This is the portion of Employer Services impacted by the cybersecurity incident. And excluding this impact, we would have seen low single-digit growth.

Workforce Analytics, the portion of the business that services employers and complying with the Affordable Care Act, was down about 10%. This was in line with our expectations for the quarter. Workforce Solutions adjusted EBITDA margin was 45.5% in 4Q 2017, down 30 basis points from the 45.8% in 4Q 2016. Severance costs incurred in the quarter more than explained the decline in margin.

Global Consumers Solutions revenue at $97 million in 4Q 2017 was down 2% on a reported basis and on a local currency basis. Revenue on the quarter was benefited by the ID Watchdog acquisition by about 4 points. Our U.S. consumer direct revenue declined almost 15% in the quarter as a result of the cybersecurity incident and the 3 TrustedID service we offer to consumers, we stopped marketing all U.S. direct-to-consumer revenue generating products in September. We therefore saw increased consumer churn levels in 4Q 2017.

We do not intend to advertise our U.S. paid products in the first half of 2018. Our 4Q 2017 partner and reseller revenue in our Canadian consumer direct revenues were slightly higher than 4Q 2016. Adjusted EBITDA margin was 32.4% in 4Q 2017, down about 2 points from 4Q 2016. In the fourth quarter, general corporate expense was $77 million. Excluding the nonrecurring costs associated with the cybersecurity incident in 2017, the adjusted general corporate expense for the quarter was $55 million, down about $2 million from 4Q 2016.

Adjusted EBITDA margin for Equifax was 34.8%, down 170 basis points from 4Q 2016. Our GAAP effective tax rate was a 1.2% benefit in the quarter, reflecting the $48 million tax benefit from the U.S. Tax Cuts and Jobs Act of 2017 and the $2 million benefit from the income tax effect to stock awards. Excluding nonrecurring items, our 4Q 2017 effective tax rate using calculating adjusted EPS was 31.6%.

In 4Q 2017, operating cash flow is $207 million in free cash flow, which includes $60 million of capital expenditures, was $147 million. For calendar year 2017, operating cash flow was $816 million and free cash flow, which includes $218 million of capital expenditures, was $598 million, down 1% and 8%, respectively.

Cash outflow related to the cybersecurity incident, including capital spending, was about $85 million in 2017, heavily in the fourth quarter. Capital spending incurred in the quarter was $61 million for 2017, total capital spending was $218 million or just over 6% of revenue.

Total cash balance at year-end was $0.34 billion with total debt at year-end of $2.7 billion. Our net debt at year-end of about $2.37 billion was down $175 million from year-end 2016. Our gross leverage was 2.34x EBITDA and our net leverage was 2.05x EBITDA at year-end 2017, both down from 2016.

Looking at operating results for 2017 in total. At a high level, revenue of $3.36 billion was up 7% in constant currency. Organic constant currency revenue growth was about 5%. We estimate that the cybersecurity incident negatively impacted revenue by just over 1 point.

Adjusted EBITDA grew almost 10% to $1.24 billion and the adjusted EBITDA margin expanded about 100 basis points to 36.8%. Adjusted EPS was $5.97, up 8%. Again, this excludes both the nonrecurring costs related to the cybersecurity incident and the nonrecurring tax benefit from the 2017 tax reform.

Now moving to guidance. In 2018, Equifax will be executing against the critical focus areas Paulino outlined earlier, as well as managing through the legal and regulatory issues related to the cybersecurity incident. To provide transparency into our financial performance, in addition to our GAAP results, we will be providing guidance in the following way.

Our non-GAAP financial results will include all increased costs related to IT and data security that are ongoing or permanent in nature. We will exclude from our non-GAAP financial results both the incremental or bubble costs incurred to implement our IT and data security plans and the legal and or professional service cost being encourage specifically to address the litigation and governmental and regulatory investigations related to the cybersecurity incident.

We will provide separate guidance as to the combined level of these costs. In terms of measurement, we have defined incremental IT and data security project costs that will be excluded from non-GAAP results to be limited to resource additions related to the projects being executed to address IT and data security; purchases of hardware, software or services to support projects being executed to address IT and data security; and when IT and data security projects are completed, put in service and stable, those costs will be deemed permanent and be included in non-GAAP financial results.

Now on to our 2018 guidance. For 2018, at current exchange rates, we expect revenue to be between $3.425 billion and $3.525 billion reflecting growth of 2% to 5% with about 1% benefit from FX. U.S. mortgage market inquiries are expected to be down about 10% with the resulting revenue headwind of about 2%. We are expecting continued impact from the cybersecurity incident in 2018 with the greater impact in the first half.

USIS is expected to have revenue growth percentage from flat to low single digits. Adjusted EBITDA margins are expected to decline up to 100 basis points. Workforce Solutions should have revenue growth percentage in the high single digits, approximately consistent with 2017. Adjusted EBITDA margin should be flat but up slightly.

International should have revenue growth in the low double digits, but below the levels of 4Q 2017. Adjusted EBITDA margins should expand, but to a lesser degree than in 2017. Global consumer services should see revenue decline over 10%. U.S. consumer direct revenue will accelerate its decline and represent well under one-third of GCS revenue in 2018.

Our current plans are based on the assumption that direct advertising and U.S. consumer will be minimal in 2018. The remainder of GCS is expected to deliver growth in 2018. Adjusted EBITDA margins are expected to decline significantly from 2017. Adjusted EPS is expected to be between $5.80 and $6.00 a share with approximately $0.02 benefit from FX.

To provide a basis of comparison for 2018 adjusted EPS versus 2017, the following impacts outside of the business units may be helpful. Calendar year 2017 adjusted EPS of $5.97 reflects both a lower than target annual incentive plan payment to employees and an effective tax rate of 31.8%, well above the 27% we are forecasting for 2018. If you normalize 2017 for these two items, increasing AIP to target and lowering the effective tax rate to 27%, you would need to increase our 2017 adjusted EPS by approximately $0.15 a share.

Ongoing cost related to IT and security, as well as costs related to the free services, including the Lock & Alert service we launched in January, are expected to be about $0.30 per share with the bulk of this cost increase in IT and security. Increased insurance costs will impact 2018 by approximately $0.10 per share. Over time, we would hope this increase insurance cost will decline.

As Paulino indicated, our focus is to be a leader in IT and data security. Our investments in 2018 and 2019 will reflect this. And in 2018, we are expecting approximately $200 million of net incremental IT and data security project costs and legal and professional fees being encouraged specifically to address the litigation and governmental and regulatory investigations related to the cybersecurity incident. This represents gross cost of $275 million, offset by $75 million of insurance proceeds.

Legal and professional fees related to litigation and regulation are expected to represent about 25% of this cost. These costs will be excluded from our non-GAAP financial results and guidance. If we are able to execute the IT and security projects more rapidly in 2018, we will do so. As a result, these cost assessments may increase.

Our adjusted EBITDA margin is expected to be generally at to slightly below the levels delivered in 4Q 2017. Capital spending is expected to be approximately 8% of revenue, above the 6% level in 2016 and 2017, reflecting increased spending for IT and data security.

For 1Q 2018, at current exchange rates, we expect revenue to be between $850 million and $860 million, reflecting growth of 2% to 3% with about a 1% benefit from FX. Mortgage market increase are expected to be down approximately 5% with resulting headwinds to revenue growth of about 1%.

Revenue growth in USIS and Workforce Solutions will be below the full-year levels discussed as we expect some continued impact from the cybersecurity incident in the first quarter. International growth will also be below the full-year expectation. Adjusted EPS was expected to be between $1.34 and $1.39 per share with approximately $0.01 of FX benefit.

Gross cost for incremental IT and data security project costs and legal and professional fees being encouraged specifically to address the litigation and governmental and regulatory investigations related to the cybersecurity incident, which are excluded from our non-GAAP financial results are expected to be approximately $70 million. This amount will be reduced by any insurance recoveries in 1Q 2018.

Now let me hand it back to Paulino for some final comments.

Paulino Barros

Thanks, John. We have made a lot of progress in the quarter addressing our commitment to consumers, customers, partners and regulators. The business units are executing well and our center of excellence providing strong support to all our efforts. However, there's still more work ahead of us and regaining our credibility with our constituencies, including our shareholders. The DNA of this company is underpinned with both, a deep commitment to strong ethical principles and values and a strong focus on execution.

As I have mapped with our employees throughout the world, I sense a great level of enthusiasm and commitment to move this company forward with a heightened level of focus on protecting and safeguarding all of the consumer and commercial information we store and manage.

And with that, operator, we will now open it up for questions.

Jeff Dodge

Operator, I realize that the formal part of our presentation has been a bit longer than usual. We will stay past the 9:30 stop that we would normally do, but I doubt that we will be able to get through the queue, and so I want to apologize in advance to those who were not able to get their questions out, but we will be available later today by phone. So, with that operator, could you activate the Q&A session please.

Question-and-Answer Session

Operator

[Operator Instructions] We'll take our first from Toni Kaplan, Morgan Stanley.

Jeff Goldstein

Hi, this is Jeff Goldstein on for Toni. Thanks for taking my questions. Just now that we're almost 6 months since the breach, can you talk about how your conversations with customers have been evolving? Are the customer audits continuing? Or have you been more successful in converting new business? Do you think these audits are going to end soon? And on that topic, do you think any permanent share shift has occurred at this point?

Paulino Barros

Our conversation continues to be very positive in this sense, as I explained the last quarter, coming from the emotional perspective to a more rational perspective. As you could imagine, we have been there in several hundreds of customers, talking to them about what happened, what caused, how it can help them actually to improve. Actually, the conversation runs about how we can improve their security system to be update in the areas that we're doing in improving our relationship.

We have two customers that have a higher level of requirements for us to achieve, but it's not the majority of the customers. The most affected area in the company is the USIS; followed by Workforce Solution; and then, of course, GCS because the consumers, since we are not advertising anymore, we're not getting new consumers, and least in international. So, we haven't seen any specific share shift in the B2B side of the business.

Of course, we have seen a degradation of the GCS consumer base, but nonmajor share shifting has happened so far. And as we continue to demonstrate our ability to understand and invest in our projects for the customers, the more closer they get to us and to the point they're now returning to acquire new services and products that we have.

John Gamble

We did talk about the impact of the cybersecurity incident on revenue, obviously, in the third and fourth quarters, and we said there'd be a continuing impact in the first quarter. So that as those impacts are now transitioning over 6 to 7 months, clearly, you're seeing some movement in revenue because of the fact that we are seeing an impact to us, right? But again, as Paulino said, we think the progress is very good with our customers in terms of our conversations.

Jeff Goldstein

That's helpful. Thank you. And then just within USIS in the quarter, revenue growth was only down modestly, but margins were down 260 basis points. So, I was just wondering if were there more operating investments this quarter maybe in light of the breach? Or is there just anything else to call out there to explain that margin decline with revenue growth only down modestly? Thanks.

John Gamble

Really nothing specific, right? Obviously, the revenue at USIS is relatively rich. Mix shift can also affect it in the quarter. Our plans would have been built around assuming continued growth in USIS. So, since that didn't occur, we did have some elevated expense levels in the fourth quarter. And then, therefore, with the lower levels of revenue, we saw a bigger impact on margins than you saw in the third quarter. But nothing specific beyond that.

Jeff Goldstein

Thanks a lot.

Operator

We'll take our next question from Brett Huff, Stephens.

Brett Huff

Good morning. Thanks for taking my questions. Two, one big picture, and then one just sort of making sure we understand the numbers. Regarding sort of the numbers on USIS or the overall USIS business, some of your competitors were growing sort of mid-to-high single digits. You guys said were down minus 2%. Maybe it would have been 4% or 5% ex the breach. There's still a delta there between, I think, where your peers are and where you guys are in terms of growth.

You mentioned you don't see any permanent share shift. Is the delta between those two numbers, the normalized number for you and sort of the peers, is that just a temporary delay? Or is that how we should continue to understand that, that revenue hasn't disappeared, it's just delayed? Is that right?

John Gamble

So, in terms of the impact of the cyber incident, again, we're not talking about revenue impacts that will have lasted 6 to 7 months. I wouldn't consider that delayed. That's revenue that has been lost. So, that's how I think you should consider that revenue. In terms of comparing us, the 4% to 5% growth, again, the model we have had prior to this, and I'm not reestablishing the model here, but I'm using it as a reference point.

The prior model we had for USIS was somewhere between 5% and 7%. So, to the extent taking these effects into account and excluding them, obviously, and adjusting for mortgage, if we're somewhere near 5% given the environment we're in right now and the effects of the cybersecurity incident that might be difficult to measure, I don't think 4% to 5% is that bad.

Brett Huff

Okay. And then the second question is just on the cost. I want to make sure I understand. You're spending money, and then determining kind of which ones are going to be ongoing and which ones sort of taper. Once you determine the expenses that are going to be going, that's when you roll it into, including that cost in your pro forma EPS. Is that, am I hearing that right?

John Gamble

That's correct. So, in terms of when something is going to be considered nonrecurring, we're measuring it against specific project definition. So, the project has to be defined and agreed upfront and generally, some type of deployment or implementation. And when that occurs or in some cases, elimination. A significant part of the spending is around elimination of systems, not the addition of new. And when those projects are completed and then put into service and stable, then we make them ongoing. And it's only the cost of getting them into service and stable that we will exclude and consider nonrecurring.

Brett Huff

Great. Thanks for the clarifications.

Operator

We'll go next to Gary Bisbee, Royal Bank of Canada.

Gary Bisbee

Yes, thanks. Let me just follow up on that last one, can you give us any kind of an estimate what the increase would be in the ongoing expense once all the stuff you're - the projects you just referenced that will be excluded now go into - once the things are turned on? I mean, should we think that's another step-up in 2019? Or is it just too hard to know at this point?

John Gamble

So, we gave you a specific number for 2018. I can't give you a number beyond 2018. But in general, I think the way we think about it is to the extent we're successful, a reasonable portion of what we're doing results in system simplification. And since that's the case, the simplification should actually help drive IT costs down. Now there will be some increased costs for data security over time that will continue to escalate as we go forward.

We expect that to be permanent. It was happening even before the cybersecurity incident. But a significant portion of the expenditure is around simplification, which that simplification will also hopefully drive lower IT costs in the future. If you look at our total IT cost as a percent of revenue, we spend at a healthy rate today. So, there's opportunity there.

Gary Bisbee

Okay, great. And then just thinking about revenue, I guess, a two-part question. I think you said that the bookings trends improved somewhat during the quarter. Can we get some more color on that and what's happening there? And then can you help us frame - when bookings do sort of normalize at some point, how long does it take to ramp back up to the type of growth you would have been at? I mean, it strikes me if you lose a lot of the bookings momentum for 6 to 12 months, that there's another probably 12 months after that to sort of refill the pipeline and whatnot, and so it would be a slow build back. Is that right? Thank you.

John Gamble

So, I think the first part of your question is effectively how do we determine the value that we're indicating for the impact of the cybersecurity incident on revenue. And basically, the way we do that is we take a look at transactions that we could see had a reasonable likelihood of executing. And then we know a reasonable rate where those would have converted in the past and when that rate is substantially lower than we would have normally seen looking forward, we would attribute that to the cybersecurity incident. And that's how we did it. It's the same thing we did in the third quarter.

Looking forward in terms of looking at 2018, we've given guidance for USIS for 2018. So, the best thing I can point you at is the guidance we've given for 2018. And as we move through the year, we'll talk more about how we're seeing the revenue performance progress. And then we'll talk more about how we're seeing new product deployments occur, which we've done historically. So, I think you'll be able to get a view based on those discussions as we go forward.

Gary Bisbee

Alright, thank you.

Operator

We'll go next to Andrew Jeffrey, SunTrust.

Andrew Jeffrey

Hi guys, good morning. Thanks for taking the questions. I guess, I'm trying to ascertain, Paulino, you talked about a few growth initiatives where you're really focused and enthusiastic. I'm thinking about in the U.S. this year, fraud, ID, enhanced marketing offerings, et cetera. Can you just comment on sort of where we are in terms of NPI, vitality or momentum and how much the long-term effect, if any, disruption in the strong NPI growth that we've seen over the last few years informs the structural growth opportunity for Equifax, recognizing that vintages build on each other? I just wonder how much of a disruption we've seen in the new product initiative growth drivers.

John Gamble

Paulino is going to address the specifics. But just to remember what we've said historically, right, is that we do expect to see deferral in the NPI pipeline as we go into 2018 because, obviously, we are taking a significant amount of resource and focusing it on IT and data security. So, you will see some of that, and it will result in a lengthening of the time period it takes us to develop and deploy new products. But I think Paulino can talk about it more.

Paulino Barros

Yes. If you look at the numbers that we achieved in 2017, right, the number of products that we have in the pipeline and the number of products that we launched. Our cycle is usually 18 months, right - 12 to 18 months to launch a product. [Indiscernible] the digital products more and the network products. Fortunately, we will enter 2018 with 107 new products in the pipeline, which will help us in the next 18 to 24 months. As we mentioned before, as we learn in this process, right, it takes that long first to fix the issues and to improve to a different level what we have here in the company.

So, as John mentioned, we are moving some of the resources that we have to make sure that we improve our security and IT, as we mentioned. Now we still have part of it that we will continue to work in new products. And we continue to work in acquisitions. We continue to be looking for new opportunities. Again, John mentioned correctly. And as we've said last time, we are taking resources and initially were used to NPI towards making sure that we execute and do it right and fast on the IT and security areas.

John Gamble

Long, long term to a private question. To the extent we're successful as we simplify the systems based on the investments we're making, then that should also be beneficial to new products, as we pointed out. But again, that's after you're completed.

Andrew Jeffrey

And have you seen any disruption Rest of World, recognizing that international markets were less impacted by the breach? Or is some of the initiatives, exporting Cambrian and so forth, are those relatively uninterrupted?

Paulino Barros

Definitely, customer base. But if you - at the end of the day, Canada has been a very small impact. U.K. has been growing. Europe has been growing. Spain, a very important growth for us last year. Adopting, maybe because they're kind of one phase behind the U.S. launching new products and we're trying to expand one of the efforts that has been made in this company for years now is to expand our global platform, which has helped us significantly.

Like, if products change, Cambrian and eventually, we will take InstaTouch outside of the U.S. So, to a lesser extent, we see that. But also important is the fact that a lot of the NPI that is driven by - that are driven by international are local as well. So, we have seen significant - actually, international continues to be one of the engines of this company for growth because they're NPI-based programs.

Andrew Jeffrey

Thank you.

Operator

We'll go next to David Togut, Evercore ISI.

David Togut

Thank you, good morning. You indicated that the negative impact of the breach receded throughout the quarter, both in USCIS and Workforce Solutions. I'm wondering, as you look at the linearity of the quarter, particularly in USCIS, did you actually return to growth in that business in the month of December?

John Gamble

Yes. We don't break things really down by month in terms of our public disclosures. But again, the reason we said that we saw improvement as we went through the quarter in terms of the performance of those businesses related to the cybersecurity incident is, we began to deliver at a better pace versus the forecast that we've had for ourselves in areas that were impacted by the cybersecurity incident. So, we saw a lessening of the impact that we have expected as we moved through the quarter.

David Togut

Understood. And then in terms of WS, you've indicated that you continue to have conversations with governments to restart that business a bit. Can you flesh out how those conversations are going? And are there any milestones we can track from our perspective to know how you're progressing in EWS as you go through 2018?

John Gamble

Are you referring to Workforce Solutions?

David Togut

Yes, Workforce Solutions.

Paulino Barros

Yes, Again, I think that we have - especially for the verification side, we have several government agencies that use our services, right? It's definitely a very sensitive area, and we have to move with a lot of caution and to make sure that we regain the trust and confidence of these customers. We have been working on that. Rudy Ploder and myself have been at those customers, talking to them, explaining to them, offering for them to comment and see what we have implemented to audit our process as well to make sure that we can rebuild our trust with this segment of the industry.

John Gamble

It's important to keep in mind, as we've mentioned, Verification Services performed well in the quarter. And as we've indicated, we expect it to continue to perform very well. So, Verification Services, which is the engine of growth and margin in that business and continues to perform well. We continue to add contributors to the database. So, we're quite happy with the performance of Verification Services as we look into 2018 and move through the year. We did indicate that for the first quarter, you'll see EWS to be a little weaker than the full year number. But overall, Verification Services is performing well.

David Togut

Understood. Quick final one. You're indicating GCS will likely return to growth in 2019. What underlies that conviction?

John Gamble

Yes. In terms of specific guidance beyond 2018, we're not going to give specific guidance beyond 2018.

David Togut

Thank you very much.

Operator

We'll go next to George Mihalos with Cowen and Company.

Allison Jordan

Good morning. This is Allison Jordan in for George. Thank you for taking my question. John, I know you laid out increased costs related to IT and data security when you detailed guidance. Can you help us think about how we should model corporate expense line in 2018 and the growth there?

John Gamble

In terms of the specific line item itself, most of those areas that I indicated had increased costs will impact the corporate line. So that's where you should model them. And also, the insurance cost, most of that cost will hit the corporate line. So, we should model that as well, but beyond that, no, nothing specific. We did also indicate obviously in the discussion that bonus accruals were down, so those should increase. So, all of those items should affect your corporate line. But in terms of specific guidance on corporate, we don't provide guidance by line item.

Allison Jordan

Okay. Thank you. That’s helpful. And then just one quick follow-up. Online Information Solutions exited the year basically flat in terms of revenue growth. It seems like that business is poised to return to growth. Can you help us think about the outlook for OIS in 2018?

John Gamble

Yes. Again, so we gave guidance for the USIS in total. So, the specific line item guidance, we don't really provide.

Allison Jordan

Okay, thank you.

Operator

We'll go next to Manav Patnaik with Barclays.

Manav Patnaik

Thank you, good morning guys. My first question is just more around the future of the direct consumer segment. Maybe can you just give us a sense of how many people actually signed on to the free TrustedID product you're providing and maybe how well it's running? Because personally, the experience here hasn't been too great. I mean, I guess, compared to at least the experience in TransUnion. Once we all signed onto, I don't think we've heard at all from TrustedID. So, I was just curious how that's performing. And do you guys actually think of speeding up the marketing spend in the second half of the year?

John Gamble

So, in terms of TrustedID, we think the performance, at this point, has been relatively good, right? We believe the call center support has been very good, and we're not hearing, at this point, that there are significant issues around TrustedID. To the extent you have specific issues with TrustedID, obviously, we are very interested in hearing what they are because we work to address them. We continue to invest in the service and to try to make it better because, obviously, the people that signed up deserve to have the best service we can possibly provide. Can you give me your second question again?

Manav Patnaik

Well, just the number of people that signed on for it and how should we think of the future of that segment. Like, how much do you spend on it?

John Gamble

So, you're referring to GCS specifically?

Manav Patnaik

Yes.

John Gamble

So, in terms of the total number of people that have enrolled in TrustedID, that's not a number we disclose. In terms of GCS, I think as Paulino mentioned, for this year, we're not going to be advertising in the U.S. consumer segment in the first half of the year. And we indicated that the amount of advertising for the full year is expected to be relatively low. But in terms of specific plans for the segment, in general, I think that's something we're still working. And then we'll give you updates on that as we move through the year and make those determinations.

Manav Patnaik

Okay, fair enough.

Paulino Barros

Our focus will be to launch the Lock & Alert service, right, to make sure that we deliver in our commitment at November last and make sure that the consumers have a great level of service in that area.

Manav Patnaik

Got it. And then just my second question is more, I think in the 10-K, you mentioned you're making a lot of strategic changes to your executive leadership team. I was just hoping you could give us a little bit more detail on what you've moved around and what's going on there?

Paulino Barros

I think you're referring to the inclusion of the seasonal reporting to me. So, this happened actually in the third quarter since - actually, a couple weeks after I arrived here. We have made a few changes at that time, which included the separation of the chief information security office from the - under the IT and reporting directly to the CEO. And also creating the chief transformation office area to make sure that we address all the issues related to the cybersecurity incident and respond to the cybersecurity incident with a focus to let the business units to continue to be focused on the business side and creating one area that can provide support for the cybersecurity incident, resources and actions.

John Gamble

Yes. And I think in Paulino's prepared remarks, right, there was a substantial amount of discussion around the specific governance structures that have been created, including risk office, tech committee and other areas, that strengthen governance around security, as well as drive culture around security more than just technology. So that is a fair amount of detail there.

Manav Patnaik

Okay. Thanks guys.

Operator

We'll go next to George Tong, Goldman Sachs.

George Tong

Hi, thanks, good morning. Paulino, I'd like to dig deeper into the revenue impact from the breach. Can you elaborate on whether prior new business deferrals have translated into revenues at this point and how the breach impact on revenue will play out as you move through 2018?

Paulino Barros

As I mentioned on the transcript, right, our performance - third quarter was tough because there was a lot of negative energy around and unknowns around. And as we move to fourth quarter, there were - we have more time to prepare and to be able to reach out to customers and work with them, explaining what happened, how it worked and the actions that we put in place in order to remediate and build the future. We have seen - as we mentioned earlier, we have seen a lesser impact at the end of the fourth quarter.

As we continue to work with the customers and demonstrate to them our improved [indiscernible] and the fact that, actually, we are raising the standards of what we want to operate, which is a - was very well welcomed by the financial institutions area. We are, of course, coming from cybersecurity incident. So therefore, we're being very careful on how we forecast our numbers to make sure that we don't break our tradition to be very close to execution reality, like we have been in the last 12 years.

George Tong

Got it, okay. And I guess the earlier question, how you expect the breach impact on revenues to play out as you move through 2018, is that mainly a first half headwind that you expect, and then it fully dissipates by the second half?

Paulino Barros

I don't think it will be that black and white.

John Gamble

I think we'll just have to tell you as we move through the year, right? We're certainly expecting an impact. Our planning would assume that it will be greater in the first half than the second half. But obviously, as we move through the year, we'll just try to keep you updated because it's obviously a fluid situation. But we are making progress.

Paulino Barros

Yes.

George Tong

Got it. And then, John, you indicated that you expect $200 million in net IT legal and professional fees that are onetime in nature. Can you flesh out your expectation for ongoing costs related to the breach and how you expect EBITDA margins - adjusted EBITDA margins to trend as you move through the year?

John Gamble

So, in terms of specific trending on March, we gave first quarter guidance and full-year guidance. And in my prepared remarks, we did talk a bit about the expenses we expected to incur in 2018 specifically related to security, and then also that we expected to incur specifically related to insurance. And that was in the prepared remarks. So, I think that detail is there, so you should be able to use that in your estimates.

George Tong

Right. Well, I guess, the question was around when you expect the ongoing costs to be essentially executed. When do you expect your investments to be made as you move through the year? Is it going to be front-end loaded or back-end loaded as you make your ongoing investments?

John Gamble

I'd say the ongoing investments are going to occur over the year., but in terms of the exact timing of when individual activities will get executed, I can't give you an estimate on that.

George Tong

Okay, got. Thank you.

Operator

We'll go next to Shlomo Rosenbaum, Stifel.

Shlomo Rosenbaum

Hi, thank you for taking my questions. I want to ask a little bit about GCS. There was talk about not marketing in the first half of 2018. It sounds like there will be marketing direct-to-consumer in the second half of 2018. At the same time, there's kind of a discussion of strategically trying to figure out what to do with that business. Can you give us just a little bit more color on that? Is the thought to when the 12 months of free monitoring is up, to go ahead and offer something for that’s a paid subscription? Or is there just a thought of migrating this to a different provider? Or can you just give us some thoughts on that?

John Gamble

Yes. Look, and it's a very - I certainly understand the reason for the question. And at this point in time, I think we just need to go back to the comments we made in the prepared remarks, which is we'll be able to - we'll give you more detail on how we're going to move ahead with the GCS business as we move through the year. But what we've indicated is that no advertising or marketing spend in the first half. We expected limited for the full year so that would indicate limited for the second half, and that's the way the planning base is built. But we'll - as we move through this year, we'll provide you with more information should anything change and as we get more specifics around that business, okay?

Shlomo Rosenbaum

Okay. And then as a follow-up, just in terms of the revenue in the quarter. It was actually - it did not decline that much. And I was wondering if your partners and resellers had a big bump in the fourth quarter, due to the cybersecurity breach. So, although your own direct-to-consumer business suffered from churn, but those that you're selling data to actually had a benefit from that, and they're purchasing it from you.

John Gamble

So not so much - the biggest benefit we got, obviously, in the quarter was really ID Watchdog, right, so the purchase of ID Watchdog. We got the full effect of the revenue from that purchase in the fourth quarter, so that was certainly beneficial. And then also, we've seen relatively good performance in Canada related to - in our GCS business in Canada, so you saw some benefit there. And those were two significant drivers. We also - this is the quarter in which we lapped our - the change in contract with Credit Karma. So that was a benefit to us in the period simply because we lapped the contract period year-on-year. So, I'd say those are the three things that probably affected GCS outside of the U.S. consumer business more than anything else.

Shlomo Rosenbaum

Alright, thank you very much.

Operator

We'll go next to Tim McHugh, William Blair.

Tim McHugh

Just a follow-up a little on the - or consumer business. Can you talk about the margins? I guess I think your comment was they'd be down a couple hundred basis points, which, I guess, given the revenue weakness, is understandable. But you also talked about minimal advertising expense. So, can you kind of walk through the puts and takes with that? And just trying to understand, as you do start advertising, how to think about the margins of the business.

John Gamble

Yes. So, I think you kind of just did the puts and takes, right? So, obviously, we had a reasonable revenue decline. And then the most significant offset was related to the fact that we didn't have - that the marketing expense was obviously substantially declined for the worldwide. There was some marketing expense outside the U.S., but very minimal. So, and those were really the most substantial puts and takes regarding the margins of the business report.

Tech spend was up a little bit because we're investing in Lock & Alert and TrustedID deployments, which would be incremental, too, which you'd normally see in that business because those are both - those both won't generate any revenue. But that - those are the general puts and takes that you see in that business right now.

Tim McHugh

Okay. And then just, I guess, two smaller ones. One, can you talk at all about the Mercury acquisition? I guess how big is it? And a little more information about it. And then on the tax rate, I guess, can you talk through - I thought it would be probably a little lower. But what are the puts and takes there, as well as - not to add a [indiscernible] on that, but the adjusted tax rate has typically been lower than the GAAP tax rate. I guess I assume the 27% was more the GAAP number, but can you talk about that at all? Thanks.

John Gamble

Okay. So, Mercury, it's a relatively small business, right, in Australia. I don't think we specifically disclosed the revenue size. But it's a relatively small business, and it's generally related to the onboarding, employee services, employee onboarding and assisting companies in onboarding and new employees. So, it's somewhat consistent with the types of business we would have in our Workforce Solutions business in the U.S. It's also consistent with the type of business we would have in Australia. You might want to say more.

Paulino Barros

Correct, yes. Well, actually, it just happened when I was doing this in Australia, we're finishing up the process. And it's a very unique, small business, a tuck-in, that we had in the area of employment side. We believe that this can help us in the future in the area to implement or to deploy our Workforce Solutions - The Work Number in Australia as well. This was a strategic move, a very unique company, very well positioned in Australia that we thought it was going to be of strategic value for us in the future.

John Gamble

In terms of tax rate. So, the 27% communicated is a little higher than you expected. So, there are still a fair number of the application of the Tax Act outside of the U.S., and certain circumstances are still unclear. So as those items are resolved, there's an opportunity for our tax rate to adjust. I would guess that based on the open items that are out there, if it's going to adjust, it would probably adjust down. But that's still not sure. But - so if it looks a little higher than you would expect, then I think it's probably driven by the fact that there's a fair number of uncertainties around the treatment of some specific tax items outside the U.S. As those become more clear, we can get more specific on the tax rate.

Tim McHugh

And then just is that a GAAP, is that the GAAP rate? Or is that the adjusted rate after we take into account kind how you apply taxes to the add-backs?

John Gamble

I think that should be approximately our GAAP and adjusted rate. They should be similar.

Tim McHugh

Okay. Thanks.

Operator

We'll go next to Kevin McVeigh, Deutsche Bank.

Kevin McVeigh

Great. Thanks. You made a couple of comments about expanding into the rental market as part of real estate. And just if I heard right, just no benefit from trended data. Can you just talk about those two items a little bit more?

John Gamble

Yes. And I'm sorry, just on the last question. So, there are adjustments. Obviously, the tax effects of the sale of the execution of employee stock options, et cetera, those benefits, we don't take in our non-GAAP rate, which do affect GAAP, right. So, my apologies for missing that in the last answer. So, can you ask your question again?

Kevin McVeigh

Yes, of course. The market opportunity for the rental market, be on mortgage in real estate. And then if I heard right, it sounded like you're lapping the benefit of trended data on the mortgage side. Are we through that at this point? Or just any thoughts on that as well.

John Gamble

Let me just kill off the second one real quick. So trended data, yes. So trended data, we launched trended data a year ago in August, right? So, for fourth quarter, there was no trended data in 2016 or 2017 in mortgage.

Paulino Barros

Yes, on the rental side, we actually expanded this vertical. Given our success and understanding of the mortgage side, we expanded - we call this vertical no housing, which includes both, mortgage and rental, which provides a great opportunity. We have very little penetration in this market, and we have already made some strides towards it. We brought some experts in the area to work with us, and we believe there is a great opportunity for us to expand in the future.

Kevin McVeigh

Got it. And then, John, any thoughts on when you return to buybacks?

John Gamble

No specific guidance at this point in time. Right now, what we're focused on is executing the plan that Paulino laid out and the IT and security actions that we discussed.

Kevin McVeigh

Thank you.

Operator

We'll go next to Bill Warmington, Wells Fargo.

Bill Warmington

Good morning everyone. You mentioned that the negative revenue impact from the cyber breach improved throughout Q4. Has that trend continued throughout Q1?

John Gamble

Yes. Certainly, we're not going to talk really specifically about Q1 at this point, right? And again, just to make sure I was clear in what I said, right, it was - what we said is the impact expected from the cyber breach in the specific business lessened as we moved through the quarter, right? So, it's a statement relative to our own expectation.

Bill Warmington

Right, right. Okay. And then a follow-up question. Are you seeing a return of the project-related revenue, specifically the revenue that had been put off as a result of the cyber security audits?

John Gamble

Yes. So, I think Paulino addressed this a little bit earlier, right, which is as we move through and we work with, with varying customers through the process that they have to make sure that they're comfortable with the cyber IT and data security actions we're taking. As we complete those reviews with a given customer, then we see that the process changes, and then our ability to sell discrete projects, as well as new products improves. And as we make progress with our customer base through that process, and we are making progress, then we see the opportunities to continue to sell new products. And then also, those discrete projects improves with time, and we are seeing that occur.

Paulino Barros

Yes. And like I mentioned at the beginning, the more rational that we get about the process and the more that we make progresses within our remediation and investment program in IT and security-related areas, the more we expect this progress to continue. But at this time, it's not a trend.

Bill Warmington

Okay. Excellent. Thank you for the insights.

Paulino Barros

Thank you.

Operator

We'll take our final question from Andrew Steinerman, JPMorgan.

Andrew Steinerman

Hi, John. Before you were talking, you mentioned you are going to formally restate at least part of the long-term algorithm about USIS. And I look at Page 30 of the 10-K and I see the multiyear algorithm stated and somewhat revised, 6% to 8% organic plus 1% to 2% revenue growth. And then the language that I think is revived is EPS growing faster than revenue growth over time due to operational leverage and financial leverage.

Obviously, the old goal was 10% to 13%. So, my question is, now post-breach, is there a different view about operating leverage? And I just want to make sure since it's in the 10-K that 6% to 8% organic growth for medium term is being restated today as the goal.

John Gamble

Okay. We're - Andrew, we're looking for that.

Andrew Steinerman

Page 30 of the 10-K.

John Gamble

Sorry - we're - how about we just - and I apologize here. We're not able to find where you're seeing that.

Andrew Steinerman

Over the long term, it starts. It's under business environment and company outlook. It's the second paragraph.

John Gamble

Andrew, we don't see it here, so we'll have to take it off-line. So, we're not sure what you're referring to, okay? So, we'll maybe ...

Andrew Steinerman

Okay. Thank you.

John Gamble

Okay. Thank you.

Operator

And at this time, I'd like to turn it back to Jeff Dodge for closing remarks.

Jeff Dodge

Okay. I'd like to thank everybody for their time and their interest. And with that, operator, we'll terminate the call.

Operator

That concludes today's conference. We thank you for your participation. You may now disconnect.