Equifax Inc. Data Breach: Analysis of Physical Security Failures

Verified

Added on 2020/05/28

AI Summary

This report examines the failure of physical security in the Equifax Inc. data breach. It provides an overview of the incident, detailing the compromise of personal data of approximately 500 million users due to inadequate security measures. The report discusses the impact of the breach, including financial losses and reputational damage, and analyzes the security failures, such as a lack of prioritization in data protection, inadequate incident response processes, and a failure to involve end-users in the process. The report also highlights potential improvements that could have prevented the breach, such as prioritizing data protection, documenting the response process, and understanding business context. The study concludes with a discussion of best practices in data breach prevention and the importance of maintaining consumer trust. The report emphasizes the need for customized security solutions to fit the confidence level of companies and the application of brilliant analysis to every situation of crisis management.

Running head: FAILURE OF PHYSICAL SECURITY
Failure of Physical security
(Equifax Inc.)
Name of the student:
Name of the university:
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1FAILURE OF PHYSICAL SECURITY
Physical security failure and the case of Equifax Inc.:
Physical security refers to the protection of data, networks, software, hardware and personnel
from physical events or actions. Without physical security, serious damage or loss can happen to any
institution, agency or enterprise.
Equifax Inc. is a global leader in the area of information solutions headquartered in
Sunnyvale U.S.A. Here the failed case of physical security at Equifax Inc. on 2013-14 is chosen. A
possible change in the physical security that could be helpful is also demonstrated here.
Equifax, a once dominant giant in the sector of the Internet, announced in 2016, that it
became a victim of one of the most massive data breaches ever. The attack made a compromise with
real names, email addresses, date of births and telephone numbers of about 500 million users. They
declared that most of the passwords were hashed using a robust algorithm ("Equifax data breach
hacks away at credit-monitoring firm's third-quarter profit", 2018).
Those breaches knocked an estimated 350 million off the sale price of Equifax Inc. Their
core business was paid with about 4.48 billion dollars by Verizon. This agreement called these
companies to share legal and regulatory liabilities from those breaches. That sale never included any
reported investment within “Alibaba Group Holding” comprising of 41.3 billion and ownership
interest in Equifax Inc. Japan of 9.3 billion dollars (Rumelili, 2015). Thus it impacted about 3 billion
user accounts.
Some of the possible changes that could have stood the test of time for Equifax Inc.’s data
breach are discussed hereafter.

2FAILURE OF PHYSICAL SECURITY
Prioritizing data protection:
A downfall of Equifax Inc.’s security strategy is that they have turned too general and thinly
spread. An adequate level of prioritization could have raised efficiency by finding the security only
in most vital resources.
Documenting the response process:
The best practices within incident response demand that once Equifax had the documented
process, they should follow that. This is because of stress level increases during attacks and likely to
be pulled in various directions. This leads to omission of few first actions (Cardenas & Crispo,
2016).
Making users the part of a process:
This could be done since Equifax often forgot the aspect of the incident response to inform
different end-users.
Understanding business context:
Equifax Inc. needed to consider applications and systems offline to analyze during the
investigation (Janakiraman, Lim & Rishika, 2017). This is important for knowing confidential data
stored on or passed through the system and understood the business impact.
With the rise in number of data breaches in past few years, it has been no surprise that set of
best practices has been developing. In the above discussion reducing risks and defeating attacks are
learnt from the instance of Equifax Inc.’s data breach. The study has shown insights on how to do
away with data breaches. However, it must be reminded that they could be expensive and cost
companies with lots of money. Further, the most prominent matter has always been about trust.

3FAILURE OF PHYSICAL SECURITY
Companies must not lose consumer trust since that could shout their front door. However, solutions
of data breaches mentioned above might be customized and tailored to fit the level of confidence of
the companies. Thus the study shows brilliant analysis applies to every situation of crisis
management.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4FAILURE OF PHYSICAL SECURITY
References:
Cardenas, A., & Crispo, B. (2016). Cyber-Physical Security and Privacy [Guest editors'
introduction]. IEEE Internet Computing, 20(5), 6-8.
Equifax data breach hacks away at credit-monitoring firm's third-quarter profit. (2018). USA
TODAY. Retrieved 22 January 2018, from
https://www.usatoday.com/story/money/business/2017/11/09/equifax-data-breach-hacks-
away-credit-monitoring-firms-third-quarter-profit/849193001/
Janakiraman, R., Lim, J. H., & Rishika, R. (2017). The Effect of Data Breach Announcement on
Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing.
Rumelili, B. (2015). Identity and desecuritisation: the pitfalls of conflating ontological and physical
security. Journal of International Relations and Development, 18(1), 52-74.