Equifax 2017 Data Breach: Case Study
VerifiedAdded on 2022/11/25
|10
|2563
|306
AI Summary
This case study analyzes the Equifax 2017 data breach, where personal details of approximately 147 million people were exposed. It discusses the consequences of the breach, the theories of law and victimology applied to the case, and the crime prevention strategies that could have been implemented. The breach had a significant impact on government and citizen protection, highlighting the importance of cybersecurity.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running Head: Case Study
EQUIFAX 2017 DATA BREACH
Name of the Student
Name of the University
Author’s Note
EQUIFAX 2017 DATA BREACH
Name of the Student
Name of the University
Author’s Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1CASE STUDY
Overview:
In September 2017, a case was limelight where Equifax revealed that a data breach hack
had spilled the personal details of approximately 147 million people for which, the company was
undertaken to the terms of global settlement with the Federal Trade Commission, the Consumer
Financial Protection Bureau, and the governments of 50 states and territories of the United
States. The settlement amount payable by the company to the global institutions amounted to
approximately 425million$ in order to extend assistance to the people who have been victimized
by such breach of data.
The annual reports of Equifax express that that the company was in troubled tone and yet
threw a deaf ear to the alarming bells of the cybersecurity alerts. The subject matter of the case
was that the taxonomy of the cyber-security. It was breached by the spillage of personal data
leading to the vulnerability of such information. Hence, the scale of government and citizen
protection was starkly affected by losing the identity of the digital era. The consequences of such
protection are not predicted by the people or any organization leading to the fall of the digital
media of storage of information.
According to Motherboard 2017, the security researchers had gained access to the servers
of the company. The vulnerabilities related to the same was reported. However, the company did
not give much attention to the report, and the portals were still in activation till later in June, and
further then, the breaches had begun. However, it can be analyzed that the same portal was not
targeted for the repeated breach. Multiple portals were targeted, which has been assumed to have
been conducted by multiple parties. According to Riley 2017, reported that the company had
suffered a huge blow of victimization due to the breach of the computer systems of the company.
Overview:
In September 2017, a case was limelight where Equifax revealed that a data breach hack
had spilled the personal details of approximately 147 million people for which, the company was
undertaken to the terms of global settlement with the Federal Trade Commission, the Consumer
Financial Protection Bureau, and the governments of 50 states and territories of the United
States. The settlement amount payable by the company to the global institutions amounted to
approximately 425million$ in order to extend assistance to the people who have been victimized
by such breach of data.
The annual reports of Equifax express that that the company was in troubled tone and yet
threw a deaf ear to the alarming bells of the cybersecurity alerts. The subject matter of the case
was that the taxonomy of the cyber-security. It was breached by the spillage of personal data
leading to the vulnerability of such information. Hence, the scale of government and citizen
protection was starkly affected by losing the identity of the digital era. The consequences of such
protection are not predicted by the people or any organization leading to the fall of the digital
media of storage of information.
According to Motherboard 2017, the security researchers had gained access to the servers
of the company. The vulnerabilities related to the same was reported. However, the company did
not give much attention to the report, and the portals were still in activation till later in June, and
further then, the breaches had begun. However, it can be analyzed that the same portal was not
targeted for the repeated breach. Multiple portals were targeted, which has been assumed to have
been conducted by multiple parties. According to Riley 2017, reported that the company had
suffered a huge blow of victimization due to the breach of the computer systems of the company.
2CASE STUDY
Further, it was reported that in early March the company had notified certain banking customers
and others about such breach. Mandiant owned by FireEye, Inc. was reported to have been
appointed to assist the company in investigating the cyber-attack of March 2017. According to
Haselton 2017, a major breach was again reported in September 2017, and in that breach, more
than 145 million US customers were affected. However, the breach was criticized by some
scholars on various grounds. On such critic, Anders 2017, explained that the Equifax officials
had sold their maximum personal holdings days after the breach; however, the reporting of such
breach was made only a month later.
The company was imposed a fine by the Federal Trade Commission for the two
occasions of the breach as identified under the Fair Credit Reporting Act. Further, the software
engineer of the company was charged with the offence of the insider trading for the purchasing
options in relation to the data breach that took place in 2017.
Concept of Theories:
There are two theories which have been selected for the analysis of the breach of the data of the
company in 2017. These two concepts are:
The general theory of law: this theory is also called the self-control theory of crime
where the individual lacks the self-control to resist himself or herself from the lure
resulting in the commission or the omission of the act constituting the crime. The
individual self-control is the driving factor in the theory to assess the motive behind the
commission of such crime. According to Mark, Pogarsky and Shmueli 2006, this theory
of law states that the individuals who are affected by the ways of parenting before the age
of ten develop less self-control than those who were raised in better parenting guidances.
Further, it was reported that in early March the company had notified certain banking customers
and others about such breach. Mandiant owned by FireEye, Inc. was reported to have been
appointed to assist the company in investigating the cyber-attack of March 2017. According to
Haselton 2017, a major breach was again reported in September 2017, and in that breach, more
than 145 million US customers were affected. However, the breach was criticized by some
scholars on various grounds. On such critic, Anders 2017, explained that the Equifax officials
had sold their maximum personal holdings days after the breach; however, the reporting of such
breach was made only a month later.
The company was imposed a fine by the Federal Trade Commission for the two
occasions of the breach as identified under the Fair Credit Reporting Act. Further, the software
engineer of the company was charged with the offence of the insider trading for the purchasing
options in relation to the data breach that took place in 2017.
Concept of Theories:
There are two theories which have been selected for the analysis of the breach of the data of the
company in 2017. These two concepts are:
The general theory of law: this theory is also called the self-control theory of crime
where the individual lacks the self-control to resist himself or herself from the lure
resulting in the commission or the omission of the act constituting the crime. The
individual self-control is the driving factor in the theory to assess the motive behind the
commission of such crime. According to Mark, Pogarsky and Shmueli 2006, this theory
of law states that the individuals who are affected by the ways of parenting before the age
of ten develop less self-control than those who were raised in better parenting guidances.
3CASE STUDY
According to Vazsonyi and Belliston (2007), the self-control theory of law remains the
strongest predictors of a crime even if applied and compared at various levels of facts and
circumstances of the case. However, as criticized by Akers (1991), it has been explained
that the theory of self-control has not been described with analysis upon the criminal
behaviour separately. Thus, it has been explained that the theory does not influence the
behavioural pattern of one's peers. At the same time, the theory has been debated on the
basis of its sustainability and its conformation with predictions.
Opportunity Theory of Victimology: this theory states that the crime is an organized
act of the offenders who target their victims on the basis of highest returns with little or
no effort and risk. According to Hindelang (1978), it has been stated that the theory
primarily focuses on the variations in lifestyle and routine activities of the offenders that
may affect the opportunities for crime. The opportunity thus acts as the limiting factor
which determines the outcome based upon the motivation of the offender and his or her
control over the circumstances and conditions which may be preventable. The key
concepts of the theory are the routine activities which may create a convergence in the
determination of the course of crime, rational choice that may allow the offender to
organize his alternatives in the situation and lastly the situational crime prevention
through the environmental design meaning that the environments can be held responsible
for the result of crime. According to Jeffery (1977), it has been argued that the
sociologists have overanalyzed the social causes of crime neglected the biological and the
environmental determinants of crime. However, the theory has been criticized on various
grounds. According to Clarke (1997), the act is not the outcome of a person who is a
convict, and he was present at the crime scene during the happening of the crime. The
According to Vazsonyi and Belliston (2007), the self-control theory of law remains the
strongest predictors of a crime even if applied and compared at various levels of facts and
circumstances of the case. However, as criticized by Akers (1991), it has been explained
that the theory of self-control has not been described with analysis upon the criminal
behaviour separately. Thus, it has been explained that the theory does not influence the
behavioural pattern of one's peers. At the same time, the theory has been debated on the
basis of its sustainability and its conformation with predictions.
Opportunity Theory of Victimology: this theory states that the crime is an organized
act of the offenders who target their victims on the basis of highest returns with little or
no effort and risk. According to Hindelang (1978), it has been stated that the theory
primarily focuses on the variations in lifestyle and routine activities of the offenders that
may affect the opportunities for crime. The opportunity thus acts as the limiting factor
which determines the outcome based upon the motivation of the offender and his or her
control over the circumstances and conditions which may be preventable. The key
concepts of the theory are the routine activities which may create a convergence in the
determination of the course of crime, rational choice that may allow the offender to
organize his alternatives in the situation and lastly the situational crime prevention
through the environmental design meaning that the environments can be held responsible
for the result of crime. According to Jeffery (1977), it has been argued that the
sociologists have overanalyzed the social causes of crime neglected the biological and the
environmental determinants of crime. However, the theory has been criticized on various
grounds. According to Clarke (1997), the act is not the outcome of a person who is a
convict, and he was present at the crime scene during the happening of the crime. The
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CASE STUDY
crime should be analyzed from the availability of the vulnerable target and the motive of
the offender. Therefore, it can be analyzed that the crime and its determinants are
basically the vulnerability of the situation and the target and not the presence of the
criminally-disposed individual at an inevitable situation. The theory has a direct
implication upon the crime prevention strategies (Lawrence 1980). This is so because the
theory is a composition of problem-oriented policing, defensible space architecture, crime
prevention through architectural design and situational crime prevention because these
theories seek to block crime in practical, natural and the easiest way at low costs of social
and economic implications. The first strategy is the problem-oriented policing meaning
that the strategy should involve identification and specific crime and disorder problem
and such analysis should amount to the formulation of the effective crime prevention
strategy. The second strategy is the defensible space theory meaning that crime
prevention should be such that it should amount to the neighbourhood safety. The third
strategy is crime prevention through the environmental design, meaning that the agenda
of the national and the state should be such that the manipulation of the environment can
be created for safer neighbourhoods.
Application of Theories:
General Theory of Crime: in the given scenario, it can be explained that the
self-control theory is such that the offenders of the breach did not have any
particular enmity against the same. They were trying the hack for a long time, but
it was not possible because of continuous scrutiny. In the last, the offenders could
not resist themselves from breaching the data by noticing that the company is at
crime should be analyzed from the availability of the vulnerable target and the motive of
the offender. Therefore, it can be analyzed that the crime and its determinants are
basically the vulnerability of the situation and the target and not the presence of the
criminally-disposed individual at an inevitable situation. The theory has a direct
implication upon the crime prevention strategies (Lawrence 1980). This is so because the
theory is a composition of problem-oriented policing, defensible space architecture, crime
prevention through architectural design and situational crime prevention because these
theories seek to block crime in practical, natural and the easiest way at low costs of social
and economic implications. The first strategy is the problem-oriented policing meaning
that the strategy should involve identification and specific crime and disorder problem
and such analysis should amount to the formulation of the effective crime prevention
strategy. The second strategy is the defensible space theory meaning that crime
prevention should be such that it should amount to the neighbourhood safety. The third
strategy is crime prevention through the environmental design, meaning that the agenda
of the national and the state should be such that the manipulation of the environment can
be created for safer neighbourhoods.
Application of Theories:
General Theory of Crime: in the given scenario, it can be explained that the
self-control theory is such that the offenders of the breach did not have any
particular enmity against the same. They were trying the hack for a long time, but
it was not possible because of continuous scrutiny. In the last, the offenders could
not resist themselves from breaching the data by noticing that the company is at
5CASE STUDY
its peak of vulnerability. According to the CNBC reports, it has been noticed that
the theory reported in the investigation of the breach is that the data was hacked
for the purposes of nation-state spies and not by the criminals look for
encashment. Further, the data was not even found in any underground websites or
the storage of information, and neither one was seen impersonating the data
revealed from the hacking of such information. As the investigation takes its
course of action, the consensus seems to establish the grounds for the hacking of
such data. It has been established that the hackers of the information may have
been working for a foreign government and are utilizing such intricate
information for the financial gains and also the recognition and recruitment of the
potential spies.
Opportunity theory of Victimology: in the given scenario, it can be analyzed
that the Equifax fell prey to the close examination of the routine activity and the
opportunity of the circumstances that led to the massacre to happen. It was a game
of observation and choice of rational action that led to the effective planning and
execution of the crime and hence, as per the elements of this theory, it can be
understood that the data breach was a form of organized crime with routine
activities and opportunity for rational choice. According to ti the routine
activities, this means that the daily activities of the company were under the
scrutiny of a group of people who had already targeted the company for their
criminal activities. The theory of routine activities argues in favour of the
available opportunities and crime calculus. Equifax was reported about the
suspicious activities by their scrutiny officers, but the company did not pay much
its peak of vulnerability. According to the CNBC reports, it has been noticed that
the theory reported in the investigation of the breach is that the data was hacked
for the purposes of nation-state spies and not by the criminals look for
encashment. Further, the data was not even found in any underground websites or
the storage of information, and neither one was seen impersonating the data
revealed from the hacking of such information. As the investigation takes its
course of action, the consensus seems to establish the grounds for the hacking of
such data. It has been established that the hackers of the information may have
been working for a foreign government and are utilizing such intricate
information for the financial gains and also the recognition and recruitment of the
potential spies.
Opportunity theory of Victimology: in the given scenario, it can be analyzed
that the Equifax fell prey to the close examination of the routine activity and the
opportunity of the circumstances that led to the massacre to happen. It was a game
of observation and choice of rational action that led to the effective planning and
execution of the crime and hence, as per the elements of this theory, it can be
understood that the data breach was a form of organized crime with routine
activities and opportunity for rational choice. According to ti the routine
activities, this means that the daily activities of the company were under the
scrutiny of a group of people who had already targeted the company for their
criminal activities. The theory of routine activities argues in favour of the
available opportunities and crime calculus. Equifax was reported about the
suspicious activities by their scrutiny officers, but the company did not pay much
6CASE STUDY
attention to the value of the scrutiny and hence, paving the way for the
opportunity to creep in and the crime to take effect. As per the rational choice, it
can be understood that the crime and its target are analyzed from the perspective
of the criminal opportunities and choice to obtain their needs by the criminal ends
and not the legal means. This ensures that Equifax had provided the scope and
opportunity for the criminal activity to take its course. However, such activity was
also subject to the choice of the criminals to take criminal means and not the legal
means to obtain their goals. Thus, it has rightly been said that the prevention is
better than the cure and hence, Equifax was not preventive in nature and hence, it
is ending up curing its injuries. The perpetrators are the designated offenders.
However, it was also the company which ended up paying the penalty for its
carelessness towards such sensitive data and being negligent towards the storage
of such intricate information about the social and financial details of the people.
Crime Prevention Strategies:
The first strategy is the problem-oriented policing (Clark & Eck 2014) meaning
that the strategy should involve identification and specific crime and disorder problem
and such analysis should amount to the formulation of the effective crime prevention
strategy. In the given scenario, the company should have identified the problem when the
same was intimated to them by the scrutiny team that some suspicious activities have
been detected and hence, they should have been careful enough not to leave their portals
activated till the end of June 2017.
attention to the value of the scrutiny and hence, paving the way for the
opportunity to creep in and the crime to take effect. As per the rational choice, it
can be understood that the crime and its target are analyzed from the perspective
of the criminal opportunities and choice to obtain their needs by the criminal ends
and not the legal means. This ensures that Equifax had provided the scope and
opportunity for the criminal activity to take its course. However, such activity was
also subject to the choice of the criminals to take criminal means and not the legal
means to obtain their goals. Thus, it has rightly been said that the prevention is
better than the cure and hence, Equifax was not preventive in nature and hence, it
is ending up curing its injuries. The perpetrators are the designated offenders.
However, it was also the company which ended up paying the penalty for its
carelessness towards such sensitive data and being negligent towards the storage
of such intricate information about the social and financial details of the people.
Crime Prevention Strategies:
The first strategy is the problem-oriented policing (Clark & Eck 2014) meaning
that the strategy should involve identification and specific crime and disorder problem
and such analysis should amount to the formulation of the effective crime prevention
strategy. In the given scenario, the company should have identified the problem when the
same was intimated to them by the scrutiny team that some suspicious activities have
been detected and hence, they should have been careful enough not to leave their portals
activated till the end of June 2017.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7CASE STUDY
The second strategy is the defensible space theory (Hollis, Felson, and Welsh
2013), meaning that crime prevention should be such that it should amount to the
neighbourhood safety. In the given scenario, the data breach of Equifax also led to further
criminal activities in other companies and further activities like the 2017 exposure of the
American salary data, 2017 withdrawal of vulnerable delivery apps, 2017 exposure of
Argentina consumer data and so on. All these hacks may be interconnected by a single
group of offenders, and initial carelessness by Equifax amounted to a worldwide failure
of the cybersecurity.
The third strategy is the crime prevention through the environmental design
(Crowe and Fennely 2013) meaning that the agenda of the national and the state
should be such that the manipulation of the environment can be created for safer
neighbourhoods. In other words, this strategy means that the environment of
cybersecurity should have been analyzed by Equifax to prevent the crime and the
neighbourhood from the damage of cybercrime.
The second strategy is the defensible space theory (Hollis, Felson, and Welsh
2013), meaning that crime prevention should be such that it should amount to the
neighbourhood safety. In the given scenario, the data breach of Equifax also led to further
criminal activities in other companies and further activities like the 2017 exposure of the
American salary data, 2017 withdrawal of vulnerable delivery apps, 2017 exposure of
Argentina consumer data and so on. All these hacks may be interconnected by a single
group of offenders, and initial carelessness by Equifax amounted to a worldwide failure
of the cybersecurity.
The third strategy is the crime prevention through the environmental design
(Crowe and Fennely 2013) meaning that the agenda of the national and the state
should be such that the manipulation of the environment can be created for safer
neighbourhoods. In other words, this strategy means that the environment of
cybersecurity should have been analyzed by Equifax to prevent the crime and the
neighbourhood from the damage of cybercrime.
8CASE STUDY
REFERENCES:
Akers, Ronald L. (1991). "Self-control is a general theory of crime."
Journal of Quantitative Criminology. 7 (2): 201–211.
Clarke, R.V. (1997). Situational Crime Prevention: Successful Case
Studies. Albany, NY: Harrow and Heston. p. 229.
Cohen, Lawrence E.; Felson, Marcus; Land, Kenneth (1980).
"Property Crime Rates in the United States: A Macro
dynamic Analysis; 1947-1977; with ex-ante forecasts for the
1980's". American Journal of Sociology. 86: 90–118.
Crowe, T. D., & Fennelly, L. J. (2013). Crime prevention through
environmental design. Amsterdam: Elsevier.
Haselton, Todd (September 7, 2017). "Credit reporting firm Equifax
says cybersecurity incident could potentially affect 143
million US consumers."
Hindelang, Michael (1978). Victims of personal crime : an empirical
foundation for a theory of personal victimization. Cambridge,
MA: Ballinger Publishing Co
Hollis, M. E., Felson, M., & Welsh, B. C. (2013). The capable
guardian in routine activities theory: A theoretical and
conceptual reappraisal. Crime Prevention and Community
REFERENCES:
Akers, Ronald L. (1991). "Self-control is a general theory of crime."
Journal of Quantitative Criminology. 7 (2): 201–211.
Clarke, R.V. (1997). Situational Crime Prevention: Successful Case
Studies. Albany, NY: Harrow and Heston. p. 229.
Cohen, Lawrence E.; Felson, Marcus; Land, Kenneth (1980).
"Property Crime Rates in the United States: A Macro
dynamic Analysis; 1947-1977; with ex-ante forecasts for the
1980's". American Journal of Sociology. 86: 90–118.
Crowe, T. D., & Fennelly, L. J. (2013). Crime prevention through
environmental design. Amsterdam: Elsevier.
Haselton, Todd (September 7, 2017). "Credit reporting firm Equifax
says cybersecurity incident could potentially affect 143
million US consumers."
Hindelang, Michael (1978). Victims of personal crime : an empirical
foundation for a theory of personal victimization. Cambridge,
MA: Ballinger Publishing Co
Hollis, M. E., Felson, M., & Welsh, B. C. (2013). The capable
guardian in routine activities theory: A theoretical and
conceptual reappraisal. Crime Prevention and Community
9CASE STUDY
Safety, 15(1), 65-79.
Jeffery, C. R. (1977). Crime Prevention through Environmental
Design (Second Edition). Beverly Hills, CA.: Sage.
Clarke, R., & Eck, J. E. (2014). Become a problem-solving crime
analyst. Willan.
Melin, Anders (September 7, 2017). "Three Equifax Managers Sold Stock Before Cyber Hack
Revealed"
Motherboard. (October 26, 2017) "Breaking: Equifax Knew of Security Flaws Months Before It
Was Hacked".
Muraven, Mark; Greg Pogarsky; Dikla Shmueli (June 2006). "Self-control Depletion and the
General Theory of Crime". J Quant Criminol. 22 (3): 263–277.
Riley, Michael, Anita Sharpe, and Jordan Robertson, "Equifax Suffered a Hack Almost Five
Months Earlier Than the Date It Disclosed", Bloomberg News, September 18/19, 2017.
Vazsonyi, A. T.; Belliston, L. M. (2007). "The Family → Low Self-Control → Deviance: A
Cross-Cultural and Cross-National Test of Self-Control Theory". Criminal Justice and
Behavior. 34 (4): 505–530.
Safety, 15(1), 65-79.
Jeffery, C. R. (1977). Crime Prevention through Environmental
Design (Second Edition). Beverly Hills, CA.: Sage.
Clarke, R., & Eck, J. E. (2014). Become a problem-solving crime
analyst. Willan.
Melin, Anders (September 7, 2017). "Three Equifax Managers Sold Stock Before Cyber Hack
Revealed"
Motherboard. (October 26, 2017) "Breaking: Equifax Knew of Security Flaws Months Before It
Was Hacked".
Muraven, Mark; Greg Pogarsky; Dikla Shmueli (June 2006). "Self-control Depletion and the
General Theory of Crime". J Quant Criminol. 22 (3): 263–277.
Riley, Michael, Anita Sharpe, and Jordan Robertson, "Equifax Suffered a Hack Almost Five
Months Earlier Than the Date It Disclosed", Bloomberg News, September 18/19, 2017.
Vazsonyi, A. T.; Belliston, L. M. (2007). "The Family → Low Self-Control → Deviance: A
Cross-Cultural and Cross-National Test of Self-Control Theory". Criminal Justice and
Behavior. 34 (4): 505–530.
1 out of 10
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.