Report on the Equifax Data Breach: Cybersecurity Incident Analysis

Verified

Added on 2021/04/21

AI Summary

This report analyzes the 2017 Equifax data breach, detailing the incident where cybercriminals stole personal data of approximately 145 million customers. It examines the vulnerability exploited (Apache Struts), affected stakeholders (individuals, businesses, government agencies), and the ethical, legal, social, and professional issues involved, such as Equifax's failure to update security features and the questionable sale of shares by executives. The report discusses measures taken to resolve the breach, including Equifax's system shutdown, employee dismissals, and stakeholder actions like credit freezes. It emphasizes the importance of proactive cybersecurity measures and government oversight. The report concludes with a call for enhanced cybersecurity practices and legal frameworks to prevent future data breaches. The report suggests the IT and cybersecurity specialist should have taken all organizational processes offline and locked the database from any other activity, either online or offline.

Cybersecurity Threats
Name
Institution
Professor
Course
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Equifax incident summary
In July 2017, the Equifax bureau was attacked by cybercriminals and lost about 145
million customers’ personal data (Brien 2017, p. 5). The number of affected data was translated
to represent 44% of American population. The data breach raised public interest due to the
amount of personal data that was stolen. The data stole ranges from; birth dates, names, mailing
addresses, driving licenses and Social security numbers. The big issue remains on the use of
stolen data from the subject Company. The attacker used US-CERT and Apache foundation to
gain access to Equifax data (Mathews 2017, p. 12). The attacker exploited a specific flaw in
Apache Struts which is a very sensitive programming framework which was being used by the
Equifax to support its web application portal customer disputes.
Affected stakeholders
In any data breach incident such as Equifax case, sensitive data tend to be lost and this
affects various stakeholders. In this regard, personal data was lost and many customers’ to the
company lost their personal information that should not go public at any time. Those affected
include; individual customers’ who lost their credit cards and social security numbers, businesses
that have transacted with Equifax and government agencies. The affected individuals,
companies, and government agencies feel their data might be subject to fraudulent activities
(Mikhed & Vogan 2018, p. 193). The magnitude of the attacker is quite high because most of the
stakeholders had to take a personal initiative of freezing their credit card activities and reports.
This is a clear indication they may have taken sometime without conducting any business. To
organizations as stakeholders, very sensitive data lost may give their competitors a competitive
advantage resulting in business collapse. The Equifax itself lost confidence from public image

perspective and its profit and transaction shares drop by 17.2% shortly after the incident was
reported (Mathews 2017, p. 12).
Ethical, legal, social and professional issues
For any data breach to occur, there are some standards and issues that must have been
violated. In this case, professional issues that might have taken place include; failing to update
organizational website security features to help in protecting customers’ data (Baruh & Popescu
2017, p. 581). The Equifax IT and security department did not take measures to safeguard
organizational data in regard to their roles. On the same note, there are legal issues that Equifax
might have compromised that should have helped to avert the threat. The incident was reported
some weeks later and the procedure used to report was not legally abiding. The ethical issue that
might have raised controversy is on the sale of shares by organizational executive’s just days
after the data breach. This is clearly demonstrated by how Equifax leadership adhered to its
responsibilities during the crisis. Ironically, it updated its code of conduct after data breach had
happened (Mathews 2017, p. 12). Similarly, the vulnerability that resulted in data breach was
known to Equifax and should have solved the issue in advance. Social issues arise on a loss of
customers’ ability to transact with Equifax. Important to note is that all these issues happened as
a result of neglect to perform professional duties or failing to adhere to the rule of law as
stipulated in the organizational charter or federal laws.
Measures to resolve Equifax data breach
Once the incident was discovered, there are some measures that have been taken by the
organization itself, Federal government and other stakeholders. Immediately after the breach was
discovered, Equifax put offline the entire system to avert more losses. Although this was done

with immediately effect, the breach had occurred and massive loss of data had happened (Baruh
& Popescu 2017, p. 581). Similarly, Equifax organization fired some of the employees who were
thought to have direct impact on the breach. This was done to help organization launch
investigation without employees’ interference. Despite organizational measures, affected
stakeholders had a role to play in resolving the breach by freezing all credit card transactions as
well as reports (Berghel 2017, p. 74-75). The Equifax data breach has served to awaken the
cybersecurity experts and federal government on need to come up measures to avert cyber
threats. The federal government has started process of looking into laws and processes that need
to be followed in cases there are data breaches. All measures taken by Equifax, stakeholders,
individuals and federal government were quite effective to ensure there is security of
organizational data. Taking organizational system offline could stop further data breach and help
in-depth analysis of breach and its magnitude to all stakeholders (Gressin 2017, p. 9). As an IT
and cybersecurity specialist the most important measure I should have taken is to take all
organizational processes offline and lock the database from any other activity, either online or
offline.
Bibliography
Baruh, L. and Popescu, M., 2017. Big data analytics and the limits of privacy self-
management. New media & society, 19(4), pp.579-596.
Berghel, H., 2017. Equifax and the Latest Round of Identity Theft Roulette. Computer, 50(12),
pp.72-76.
Brien, S.A., 2017. Giant Equifax data breach: 143 million people could be affected. CNN Tech.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Gressin, S., 2017. The Equifax Data Breach: What to Do. Federal Trade Commission,
September, 8.
Mathews, L., 2017. Equifax Data Breach Impacts 143 Million Americans. Forbes. Last modified
September, 7.
Mikhed, V. and Vogan, M., 2018. How data breaches affect consumer credit. Journal of
Banking & Finance, 88, pp.192-207.