Leadership Analysis: Equifax Data Breach Case Study & Solutions

Verified

Added on 2023/04/22

AI Summary

This case study examines the Equifax data breach, a significant event that exposed the personal data of over 143 million individuals. The analysis focuses on the leadership practices within Equifax, identifying failures in communication, security measures, and overall management that contributed to the breach. The report highlights the regulatory gaps exploited by hackers, the resulting financial impact on Equifax, and the public outcry regarding inadequate data protection. It further discusses the lack of transparency and delayed information sharing within the organization, exacerbating the crisis. The study proposes remedial principles and practices, including improved cybersecurity protocols, enhanced internal controls, proactive communication strategies, and a commitment to ethical leadership, to prevent future data breaches and restore public trust. The report also emphasizes the importance of learning from past mistakes and implementing a mission-driven culture focused on data security and customer protection. Finally, it suggests that Equifax should have offered better support and resources to affected consumers, such as free credit monitoring and fraud alerts, and collaborated more effectively with regulatory agencies to address the crisis.

Running head: BUSINESS ANALYSIS CASE STUDY
Business Analysis Case Study
Name of student
Name of University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1BUSINESS ANALYSIS CASE STUDY
Table of Contents
Introduction................................................................................................................................3
Issues from the case study describing the events.......................................................................3
Leadership practices...................................................................................................................5
Remedial principles and practices to generate better outcomes.................................................6
Conclusion..................................................................................................................................8
References..................................................................................................................................8

2BUSINESS ANALYSIS CASE STUDY
Equifax and their data breaches and how have management fixed the problem
Introduction
The report is prepared to discuss about the breaching of data and information for
Equifax and how he management has been responsible for dealing with these kinds of issues.
Based on the case study, it is found that the huge security breach resulting in gaining access
to data and information has affected more than 143 million people all over. The topic will
provide necessary information about the remedial measures to deal with these kinds of issues
and ensure proper management of business functioning too (Equifax.com, 2019).
Issues from the case study describing the events
From the case study, it could be seen that hackers were responsible for breaching the
vital data and information including names, social security numbers, birth dates and even the
license numbers. The main causes that emerged were the regulatory gaps, which creates
scopes for the hackers to gain access to the important and confidential data of clients and thus
they were vulnerable to risks, further resulted in huge downfall of Equifax stocks to nearly
about 18.4 percent. There were questions raised on behalf of the entire incident, which
encouraged poor cyber security along with the loss of multiple consumers too. The PINs of
Equifax used by people for credit freezes were criticised largely of not being secure enough,
which further affected the stocks and created negative effects too (Berghel, 2017). Based on
the Oversight Committee report, it was found that the security policies and practices were
below the par level and out-of-date systems and poor security measures furthermore made the
entire system vulnerable to risks of data breach with the involvement of hackers. It has been
considered as the biggest data breach happened till now, which affected over 143 million
people all over the world (Zou & Schaub, 2018).

3BUSINESS ANALYSIS CASE STUDY
Figure: Disputes found during data breach (Equifax.com, 2019)
To deal with these kinds of issues, proper leadership and management decisions are
needed to be undertaken for the purpose of overcoming these issues and ensure smooth
business functioning along with the implementation of a recovery and action plan to reduce
the risks of identity theft. The security of data and information is concerned with the
avoidance of unauthorised access to computer systems, important data and information
through management of digital privacy and ensuring data integrity as well (Mikhed & Vogan,
2015). The consequences of data breach are huge for Equifax and often the credentials that
are stolen have subjected to other important data and information loss and this compromised
other systems too. The issues could though be dealt with by properly applying the public key
cryptography and to ensure verifying the identity claims while getting issued with the help of
internet, This protocol, when managed, should assist in improving the efficiency of business
practices, furthermore create convenience for the providers of credit, service companies,
rental agencies and others who might be subjected to identity theft risks. There were
evidences showing that few of the team members were left uninformed about the issue and

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4BUSINESS ANALYSIS CASE STUDY
the faults resulting from the data breach were kept hidden (Hedley & Jacobs, 2017). The
issues resulted in major consequences where the employees who worked on the consumer
tools and protective measures were not informed about the identities of consumer until going
public (Equifax.com, 2019).
From the leadership perspective, it was found that not the right tone had been set and
the messages and information delivered to the organisational staffs were not clear from the
top management. Considering the fact that cultural excellence, security measures and focus
on details are managed from the top, the leaders might have been unable to lead them by
example, which further hindered the security measures and prevention of data breach. After
one year also, the breach still posed significant negative effects such as changed the credit
reporting industry and also failing to receive large contracts by the Government (Mikhed &
Vogan, 2018). There were major errors resulting from no such real changes like poor routine
security and lack of proper internal controls along with failure to keep the entire network
inspection system up to date. Nearly one year went by after the hackers made unauthorised
access to the database consisting of un-crypted credentials and later used to gain access to the
internal databases too. More than 20,000 complaints related to the data breach were generated
and no such major enforcement actions were undertaken against Equifax as well (Bose &
Leung, 2013).
Leadership practices
Based on the case study, it could be understood that there were various causes of the
data breach, which resulted in an isolated incident. There had been speculations about the
failure in leadership skills, failing to provide appropriate training and developmental sessions
by the top management, inappropriate business practices and being unable to safeguard the
company against external threats too. The improper application and use of regulatory

5BUSINESS ANALYSIS CASE STUDY
investigations including filing lawsuits were the roles of the leaders and team members,
which further contributed to the poor corporate image and failing to understand the effects
that might be caused from the data breach (Roderick, 2014). Based on the case study, the
leadership practices were not sufficient enough to manage good working relations, which
contributed to the attainment of a good culture with the workplace and poor security
measures as well. It is the duty of the leaders of Equifax to conduct a rigorous assessment and
review the internal organisational security policies and safeguarding measures to protect the
threats of data breach and information loss. The leadership skills lacked, due to which, there
was inappropriate communication and working collaboratively with the Federal Trade
Commission or FTC and the Consumer Financial Protection Bureau or CFPB, which created
poor oversight of the credit bureaus and hindered protection of consumers largely too (Solove
& Citron, 2017).
Learning from the mistakes, the senior leadership must conduct introspection to
analyse what went wrong, why it went wrong and even how it could be overcome. A great
learning experience has been created for the senior leadership of Equifax to manage the
financial services properly and also evaluate the strengths, weaknesses, opportunities and
threats to make amendments for the future (Romanosky, Hoffman & Acquisti, 2014). After
the data breach, the stakeholders including customers, shareholders or investors also suffered
from material loss and thus the leaders’ should be keen to address the situation and remain
open to the staffs to establish a sense of trust and loyalty. Previously, the lack of cultural
excellence was a major issue and the leaders could make the company strive towards an
effective mission driven culture, which should overcome the corporate crisis and move them
in the right direction (Black, 2013).

6BUSINESS ANALYSIS CASE STUDY
Remedial principles and practices to generate better outcomes
Amidst the resignation of Equifax CEO Rick Smith after the data breach, the long
term viability and success are in question, though it has made the company learn from its
mistakes. The crisis management is at times, quite complex, though developing a positive
public narrative and spreading positive messages and information about the services could
result in making the company overcome the crisis situations and utilise the scopes and
opportunities for sustaining in the future (Equifax.com, 2019). Leadership plays a vital part
and it can be seen with the approaches undertaken by the Salesforce CEO Marc Benioff and
visible leader like JP Morgan Chase who have maintain good positions and developed high
level credibility to become savvy in terms of leadership and innovative business practices’
management. Investments should be done for maintaining a good strategic position,
furthermore allow Equifax to respond to issues immediately (Ullah et al., 2018). As found
from the case scenario, the company did not offer any proper explanation to the entire
scenario and thus the information was also withheld, which must not be done. It is important
for Equifax to convey a proper sense of trust and empathy by making the customers informed
about measures that can relevant violation of privacy and trust.
Not considering the exposure of information and disclosure of data, the consumers of
United States should be provided with opportunity to monitor the credit free of cost and other
services and even allow them to access a website from which one can check for the credit
reports as well as create a credit freeze for the files. Fraud alert should be placed and
connecting with the cloud database are important as well for keeping the data and information
secured through cryptographic methods and prevent any kinds of unauthorised access to the
utmost level possible. The Department of Homeland Security should be involved for
responding to the breach and assist Equifax I managing cyber security too. Necessary
changes should be done to the identity proofing procedures for updating the internal cyber

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7BUSINESS ANALYSIS CASE STUDY
security, furthermore manage discussions with the National Institute of Standards and
Technology for responding to the risks conveniently (Equifax.com, 2019). The assessment of
security controls of Equifax should also check whether the assessment and review comply
with the various sets of controls or not to make sure that new problems do not emerge and the
company can regain its positive brand image.
Conclusion
The report shed light on the data breach at Equifax considering its negative effects on
people such as loss of important data and information, hindering security, etc. The issues
were caused due to poor communication and also due to poor security measures and
ineffective leadership skills, which failed to keep the staffs motivated and encouraged. The
most effective principles and practices undertaken by Equifax included monitoring of credit,
enabling credit freeze and even working with Homeland Security department to assess the
security control systems largely too.

8BUSINESS ANALYSIS CASE STUDY
References
Berghel, H. (2017). Equifax and the latest round of identity theft roulette. Computer, 50(12),
72-76.
Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69(1),
199-207.
Bose, I., & Leung, A. C. M. (2013). The impact of adoption of identity theft countermeasures
on firm value. Decision Support Systems, 55(3), 753-763.
Equifax.com. (2019). Retrieved from https://www.equifax.com
Hedley, D., & Jacobs, M. (2017). The shape of things to come: the Equifax breach, the
GDPR and open-source security. Computer Fraud & Security, 2017(11), 5-7.
Mikhed, V., & Vogan, M. (2015). Out of sight, out of mind: consumer reaction to news on
data breaches and identity theft.
Mikhed, V., & Vogan, M. (2018). How data breaches affect consumer credit. Journal of
Banking & Finance, 88, 192-207.
Roderick, L. (2014). Discipline and power in the digital age: The case of the US consumer
data broker industry. Critical Sociology, 40(5), 729-746.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Solove, D. J., & Citron, D. K. (2017). Risk and Anxiety: A Theory of Data-Breach Harms.
Tex. L. Rev., 96, 737.

9BUSINESS ANALYSIS CASE STUDY
Ullah, F., Edwards, M., Ramdhany, R., Chitchyan, R., Babar, M. A., & Rashid, A. (2018).
Data exfiltration: A review of external attack vectors and countermeasures. Journal of
Network and Computer Applications, 101, 18-54.
Zou, Y., & Schaub, F. (2018, April). Concern But No Action: Consumers' Reactions to the
Equifax Data Breach. In Extended Abstracts of the 2018 CHI Conference on Human
Factors in Computing Systems (p. LBW506). ACM.
https://www.jstor.org/stable/43665653?seq=1#page_scan_tab_contents
https://www.sciencedirect.com/science/article/pii/S1361372317300805?via%3Dihub
https://journals.sagepub.com/doi/abs/10.1177/0896920513501350
https://www.econinfosec.org/archive/weis2012/presentation/
Acquisti_presentation_WEIS2012.pdf
https://teachprivacy.com/risk-and-anxiety-a-theory-of-data-breach-harms/
https://www.lifelock.com/learn-data-breaches-equifax-data-breach-2017.html