On September 7, 2017, Equifax announced a massive security
breach. While the breach
was originally discovered on July 29, the announcement was delayed
by several
months. An estimated 145 million US consumers were affected. The
breach resulted in
the loss of the following details:
• Names
• Social Security numbers
• Birth dates
• Addresses
• Driver license numbers (at least in some cases)
Equifax attributes the breach to a website application
vulnerability that was exploited
by criminals. The Apache Software Foundation believes that the
vulnerability was
possibly caused by the March Struts bug. Experts allege that once a
vulnerability is
exploited, it allows attackers to gain a foothold. Generally,
following the exploit, the
attacker becomes a system user and hence owns the web server
process.
There are mounting concerns that Equifax could have prevented the
breach if simple
procedures and best practices were followed. Equifax has been
accused of
incompetence in regard to the protection of individual data and
irresponsible behavior
in responding to the breach. A patch for the website application
vulnerability that was
exploited was available several months before the attack, in March
2017. Even though
Equifax had more than two months to take remedial actions and apply
the patch, no
action was taken.
There are several questions that emerge. Is Equifax competent
enough to be the data
steward for the public? Why did Equifax take so long to notify the
public? Interestingly,
the website set up by Equifax to address questions about the breach
and offer free credit
monitoring was itself vulnerable. Why was Equifax so negligent in
handling and
responding to the breach?
1. 1. Develop an ideal response strategy for Equifax.
2. 2. Suggest how:
1. a. A technical security strategy could have helped Equifax
2. b. A formally defined process could have helped Equifax
3. c. A normatively developed approach could have helped
Equifax
3. 3. Following the breach, what could Equifax have done to protect
their reputation?
Answer the questions based on what happened after the breach
People check the integrity of their records consequently ,a few people typed in obviously phony information and were informed impacted by this incident.
Now there is one thing Equifax did right because of professionals we should always strive to seek teachable moment.Companies take their time in letting people know their information been stolen.
Hackers access database that has personal data for 143 million Americans from credit reporting agency Equifax.This hack is particularly bad .
Equifax hold exactly the kind of information that instructions use to verify people information and protect against hackers.
Lawmakers have suggested data breach laws along with data security.
For credit report protect their reputations by high grade people.
Get Answers For Free
Most questions answered within 1 hours.