Running head: EQUIFAX 1

Equifax

Name

Institution
EQUIFAX 2

Equifax

Introduction

On 7th September 2017, Equifax, one of the largest credit reporting agencies in the US,

disclosed that it had suffered a data, with more than 140 million American consumers affected by

this breach (Wang & Johnson, 2018). The data breached comprised of names, phone numbers,

social security numbers, dates of birth, home addresses, and driver’s license numbers. Credit

card numbers of about 209,000 consumers were also breached. The question is, what did Equifax

do wrong that led to the breach?

What Equifax Did Wrong

The data breach occurred at Equifax because the company did not have the effective

policies and procedures. The existing policies and procedures were sup-par. For example,

Equifax was initially hacked through the consumer complaint portal, with the hackers using a

well-known vulnerability that the company should have patched up but because of failure of

internal processes and procedures, this vulnerability was not patched (Saleem & Naveed, 2020).

This allowed hackers to have easy access to the company’s system. In general, the company’s

security procedures and system was vulnerable and this allowed hackers to easily attack it. In

addition, after the initial breach, vulnerabilities were identified but no effort was made to patch

up these vulnerabilities (Gaglione Jr, 2019). Worse still, the IT department ran scans to

determine whether there are vulnerabilities but the scans did not reveal anything. There was

overall failure in procedures and systems as well as personnel responsible for the security of the

company’s systems.
EQUIFAX 3

There is no information about whether Equifax had an effective coop in place. The fact

that it continued being operational could be testament of it having an effective coop in place.

However, it is also possible that hack did not crash the company’s systems which made it

possible for normal operations to continue (Saleem & Naveed, 2020). It is important to note that

the attack was targeted mainly at data stored by the firm. As such, attackers may have been

interested in retrieving the data only rather than crash the firm’s systems.

Impact of the Incident to Equifax

The long-term damage of the data breach to Equifax was destruction of the company’s

reputation. For example, a survey carried out in 2018 showed that consumers had negative

attitude about the company despite attempts to improve the image. Financially, the company

agreed to pay 425 million dollars to those affected by the breach (Kenny, 2018). This is a

substantial amount that could have significantly affected the company financially. However, by

the time the deadline for claims elapsed, only a small number of those affected made claims.

This could have been due to the small amount involved.

There is no information on whether Equifax experienced financial downfall due to the

incident. It is possible that the company was not affected financially because it does not deal

directly with customers. It means that its sales may not have been affected by the incident

Gaglione Jr, 2019). In addition, while it is indicated that personal information is collected with

consumers’ consent, this may not be entirely true. It is possible that in some cases, consumers

give consent without their knowledge.

The breach did not affect the company long-term, especially from a financial point of

view. However, it elicited a number of changes in the company (Mohammed, 2021). For
EQUIFAX 4

example, Equifax overhauled its data security program which included an investment of 1.6

million dollars to enhance security and technology.

Conclusion

Basically, the 2017 data breach at Equifax affected millions of consumers. The data was a

consequence of failure by the company to put in place systems and structures that would limit the

ability of attackers to enter into its data system. The breach damaged its reputation. However, it

motivated the company to make changes to its data security system.

EQUIFAX 5

References

Gaglione Jr, G. S. (2019). The equifax data breach: an opportunity to improve consumer

protection and cybersecurity efforts in America. Buff. L. Rev., 67, 1133.

Kenny, C. (2018). The Equifax data breach and the resulting legal recourse. Brook. J. Corp. Fin.

& Com. L., 13, 215.

Mohammed, Z. (2021). Data breach recovery areas: an exploration of organization's recovery

strategies for surviving data breaches. Organizational Cybersecurity Journal: Practice,

Process and People.

Saleem, H., & Naveed, M. (2020). SoK: Anatomy of Data Breaches. Proc. Priv. Enhancing

Technol., 2020(4), 153-174.

Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax

data breach. Issues in Information Systems, 19(3).