Professional Documents
Culture Documents
Running Head: Equifax 1 Equifax Name Institution
Running Head: Equifax 1 Equifax Name Institution
Running Head: Equifax 1 Equifax Name Institution
Equifax
Name
Institution
EQUIFAX 2
Equifax
Introduction
On 7th September 2017, Equifax, one of the largest credit reporting agencies in the US,
disclosed that it had suffered a data, with more than 140 million American consumers affected by
this breach (Wang & Johnson, 2018). The data breached comprised of names, phone numbers,
social security numbers, dates of birth, home addresses, and driver’s license numbers. Credit
card numbers of about 209,000 consumers were also breached. The question is, what did Equifax
The data breach occurred at Equifax because the company did not have the effective
policies and procedures. The existing policies and procedures were sup-par. For example,
Equifax was initially hacked through the consumer complaint portal, with the hackers using a
well-known vulnerability that the company should have patched up but because of failure of
internal processes and procedures, this vulnerability was not patched (Saleem & Naveed, 2020).
This allowed hackers to have easy access to the company’s system. In general, the company’s
security procedures and system was vulnerable and this allowed hackers to easily attack it. In
addition, after the initial breach, vulnerabilities were identified but no effort was made to patch
up these vulnerabilities (Gaglione Jr, 2019). Worse still, the IT department ran scans to
determine whether there are vulnerabilities but the scans did not reveal anything. There was
overall failure in procedures and systems as well as personnel responsible for the security of the
company’s systems.
EQUIFAX 3
There is no information about whether Equifax had an effective coop in place. The fact
that it continued being operational could be testament of it having an effective coop in place.
However, it is also possible that hack did not crash the company’s systems which made it
possible for normal operations to continue (Saleem & Naveed, 2020). It is important to note that
the attack was targeted mainly at data stored by the firm. As such, attackers may have been
interested in retrieving the data only rather than crash the firm’s systems.
The long-term damage of the data breach to Equifax was destruction of the company’s
reputation. For example, a survey carried out in 2018 showed that consumers had negative
attitude about the company despite attempts to improve the image. Financially, the company
agreed to pay 425 million dollars to those affected by the breach (Kenny, 2018). This is a
substantial amount that could have significantly affected the company financially. However, by
the time the deadline for claims elapsed, only a small number of those affected made claims.
incident. It is possible that the company was not affected financially because it does not deal
directly with customers. It means that its sales may not have been affected by the incident
Gaglione Jr, 2019). In addition, while it is indicated that personal information is collected with
consumers’ consent, this may not be entirely true. It is possible that in some cases, consumers
The breach did not affect the company long-term, especially from a financial point of
view. However, it elicited a number of changes in the company (Mohammed, 2021). For
EQUIFAX 4
example, Equifax overhauled its data security program which included an investment of 1.6
Conclusion
Basically, the 2017 data breach at Equifax affected millions of consumers. The data was a
consequence of failure by the company to put in place systems and structures that would limit the
ability of attackers to enter into its data system. The breach damaged its reputation. However, it
References
Gaglione Jr, G. S. (2019). The equifax data breach: an opportunity to improve consumer
Kenny, C. (2018). The Equifax data breach and the resulting legal recourse. Brook. J. Corp. Fin.
Saleem, H., & Naveed, M. (2020). SoK: Anatomy of Data Breaches. Proc. Priv. Enhancing
Technol., 2020(4), 153-174.
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax