Abstract
This is a case study analysis of the 2017 cyber-attack data breach on Equifax. Equifax is one of the three main credit reporting agencies in the world. In the summer of 2017, Equifax was involved in a massive data breach that leaked the personal data of over 150 million people. This data included first names, last names, social security numbers, birth dates, and more. This data affected many citizens from three major countries – America, the United Kingdom, and Canada. This paper goes into detail about whether Equifax had proper security in place, and whether they acted negligently with regards to how they reacted to the data breach. This case study will conclude with suggested solutions to mitigate and prevent future attacks.
Introduction
Credit agencies are companies that collect data on individuals’ debt and provide a rating based on their perceived credit worthiness. These ratings directly correlate to the risk the borrower poses to the credit agencies, which is their estimation of whether the borrower will pay back their loan. They leverage several different datasets to provide this rating including payment history (whether one is paying their debts on time), length of credit, balance of credit cards and loans, and public records. These rating affect one’s ability to receive a loan for purchasing a car or a house and dictate the overall cost of borrowing the money to the user over the lifetime of the loan.
The extent of personal private information that credit agencies have access to has forced the government to create federal laws to provide directions and limits on how the credit agencies can disclose this information (Consumer Financial Protection Bureau, 2020). There are many types of data collected including one’s name and contact information (first name, last name, email address, postal address, phone numbers), government issued identifiers (social security numbers, driver’s license numbers), demographic information (age, race, gender), payment information (account numbers), financial information, and more. The Fair Credit Reporting Act protects consumer information and allows credit agencies to provide credit information only to users permitted to have it by law.
The top three recognized credit bureau’s that are Equifax, Experian, and TransUnion. Founded in 1899, Equifax is the oldest of the big three credit bureaus. Equifax is based out of the United States in Atlanta, GA. They manage data on more than 820 million customers and over 91 million businesses worldwide. Equifax’s company goal is to help individuals live their financial best by creating economically healthy
3 / 4
individuals and communities everywhere they do business (Equifax, 2022). On September 17, 2017, Equifax disclosed to the world that it had suffered a data breach of customer information for more than 150 million people worldwide.
The major significance of this breach was that it leaked valuable personal private information. 147.9 million Americans, 15.2 million United Kingdom citizens, and 19,000 Canadian’s were now at risk of potential fraud due to account takeovers due to the information leaked. Account takeover fraud is a form of identity theft allowing an individual to take over a victim’s accounts, which allows them to request credit cards and change account information. With the stolen account information, the attacker can perform a full attack on the victim’s identity. Once complete, the attacker can perform unauthorized transactions and use the credit cards and accounts as their own, financially stealing from the victim (Lexis Nexis, n.d.).
Answer the questions above make answer it In details at least 3 pages
- 3. Where would you assign accountability for the breach: the technology (security) team, senior management, CEO, or the Board of directors?
- 4. How would you characterize Equifax’s response in the wake of the breach?
- 5. In your view, how should Equifax have prepared for the breach and the subsequent response?
4 / 4
References
https://www.equifax.com/about-equifax/who-we-are/
https://www.equifax.com/privacy/privacy-statement/
https://www.consumerfinance.gov/ask-cfpb/what-is-a-credit-reporting-company-en-1251/
https://wallethub.com/edu/cs/credit-reporting-agencies/25518
https://www.hypr.com/security-encyclopedia/equifax-security-breach
https://risk.lexisnexis.com/insights-resources/article/account-takeover-fraud