Equifax Data Breach - A Case Study
What was the impact? – An Ethical Case Study
Name: Prateen Balaji Ravikumar
Student ID: 23268650
Email ID: prateen.ravikumar2@mail.dcu.ie
Course Name: MSC Computing (Data Analytics)
Module code: CA640
Date of Submission: 17/11/2023
I acknowledge the University's stance on academic honesty and the seriousness of plagiarism. I'm
familiar with DCU's Academic Integrity and Plagiarism Policy and am aware of the consequences
for any violations. I have properly cited all information, thoughts, perspectives, and words from
other sources in my assignment. All materials from books, articles, the internet, and other
references are credited accordingly. Should I use generative AI or searches, I will detail this in an
appendix. The work I'm presenting for evaluation is solely my creation, except where referenced.
By moving forward with this submission, I attest to its originality and my understanding of DCU's
Academic Integrity and Plagiarism Policy.
In September 2017, the world witnessed one of the most significant data breaches in history,
perpetrated against Equifax, one of the three largest credit agencies in the United States. This
breach compromised the sensitive personal information of approximately 147 million people,
including names, Social Security numbers, birth dates, addresses, and, in some cases, driver's
license numbers.
The Equifax breach transcended the typical concerns of financial loss, going to the heart of privacy
rights and the ethical stewardship of personal information. It raised pressing questions about the
obligations of companies to safeguard consumer data, the adequacy of existing cybersecurity
measures, and the ethical responsibilities in the aftermath of a breach.
2. Literature Review:
2.1 Seven Pillars Institute:
The Equifax Data Breach case study reveals significant flaws in the management of Credit
Reporting Agencies (CRAs), with Equifax being a prime example. The breach exposed the
personal information of millions, raising serious questions about data security and corporate
responsibility [1].
The institute discusses the ethical implications of the breach, focusing on Equifax's failure to
protect consumer data, transparency issues, and inadequate compensatory justice. It highlights the
increased responsibilities of CRAs due to their access to sensitive personal information and their
role in the economy [1].
2.2 Business Ethics Advisors:
This source emphasizes Equifax's ethical duties in terms of data security and transparency. The
breach was linked to a known vulnerability in Apache Struts, raising questions about the company's
internal controls and ethical practices. The delay in breach notification is critiqued for depriving
consumers and financial institutions of crucial response time [2].
Corporate Response Analysis: It examines the timeline of Equifax's response to the breach,
highlighting the delay in public notification and the company's initial attempt to limit consumers'
legal rights when checking if their data was compromised [3].
3.1 The main players involved in the Equifax Data Breach included:
• Richard Smith: CEO and Chair of Equifax during the breach.
• Certain Equifax Executives: Investigated for possible insider trading related to the
breach.
• Data Breach Notification Laws: The delay in informing the public about the breach
brought into question the adherence to data breach notification laws, which require timely
disclosure of such incidents to affected individuals.
• Insider Trading Allegations: The sale of Equifax stock by executives before the breach
became public led to investigations for potential insider trading, a serious legal violation.
• Class Action Lawsuits: The breach led to numerous lawsuits from affected consumers,
alleging negligence and breach of contract among other claims.
• Settlements and Fines: Equifax faced significant fines and was required to make
settlements with various regulatory bodies and states, compensating for the breach and its
mishandling.
• Regulatory Scrutiny: The incident called for increased regulatory oversight of credit
reporting agencies to ensure better protection of consumer data.
• "Equifax faced legal and ethical scrutiny for its delayed response and handling of the
breach."
• "Consumers impacted by the breach sought legal action, emphasizing the need for
corporate accountability in personal data management."
• Why was there a delay in notifying the public and affected consumers?
• What steps did Equifax take to mitigate the impact of the breach?
• How effective were the regulatory responses and legal actions in addressing the breach?
• How can consumer trust be restored after such a significant data breach?
• "Fire Alarm with a Delayed Response": This could describe Equifax’s delayed
notification to the public, similar to a fire alarm system that only alerts occupants long after
a fire has started.
• "Patchwork Quilt with Missing Patches": This might represent the patch management
policy of Equifax, where the overall structure existed but critical components (patches)
were missing or not implemented in time.
• "Sinking Ship with Delayed Evacuation": This could analogize the situation of
consumers post-breach, where the necessary actions (like credit freezes and fraud alerts)
were akin to lifeboats deployed too late.
• Honesty and Trustworthiness: Equifax's delayed response and initial lack of transparency
conflict with the ACM's emphasis on honesty in communications.
4. Conclusion:
The Equifax Data Breach case study serves as a crucial lesson in the realms of cybersecurity,
corporate responsibility, and ethical conduct. It underscores the profound impact of digital
vulnerabilities in an increasingly interconnected world. The breach not only exposed significant
shortcomings in Equifax's data protection measures but also highlighted the broader challenges
faced by entities holding sensitive personal information. The case reinforces the need for stringent
cybersecurity practices, transparent communication strategies, and a strong ethical framework
governing corporate actions. It acts as a stark reminder to all organizations about the importance
of safeguarding consumer data and the far-reaching consequences of failing to do so.
5. Bibliography/References:
1. Miyashiro, I. (2021). Case study: Equifax Data Breach. [online] Seven Pillars Institute.
Available at: https://sevenpillarsinstitute.org/case-study-equifax-data-breach/
2. Business Ethics Advisors | Ethics Experts. (2017). What are the Ethical Implications of the
Equifax Data Breach? [online] Available at: https://businessethicsadvisors.com/equifax-data-breach/.
4. Thomas, Jason. (2019). A Case Study Analysis of the Equifax Data Breach 1 A Case Study
Analysis of the Equifax Data Breach. 10.13140/RG.2.2.16468.76161.
https://www.researchgate.net/publication/337916068_A_Case_Study_Analysis_of_the_Equifax_Data_Breach_1_A_Case_Study_Analysis_of_the_Equifax_Data_Breach
5. Daswani, Neil & Elbayadi, Moudy. (2021). The Equifax Breach. 10.1007/978-1-4842-6655-7_4.
https://www.researchgate.net/publication/349557061_The_Equifax_Breach