Equifax Data Breach
Introduction
In 2017 it was disclosed that Equifax, one of the leading consumer credit reporting companies operating in the U.S, had suffered a data breach that exposed the personal information of 147 million individuals. Social security numbers, Names, phone numbers, home addresses, dates of birth, and driver’s license numbers were among the information exposed in the security breach. In addition, the credit card data of about 209,000 customers were stolen.
Which element of this case might involve issues of legal compliance?
A legal compliance concern would be Equifax executives selling off their business stock after learning about the attack but before it was publicly disclosed. This could violate the terms of insider trading laws.
Which element illustrate acting legally but not ethically?
A good example of operating legally but not ethically would be Equifax’s delay in notifying the public of the hack. It is not always prohibited to withhold such information from a client. However, it is unethical to the extreme. In addition, key executives such as the CSO, CEO, and CIO of Equifax have retired or resigned, which is fully legal and within their rights. Equifax has done nothing wrong. What annoys the public is that the company’s senior executives leaving appears immoral since it demonstrates that the company has been dishonest. The executives seek to distance themselves from the company.
What would acting ethically and with personal integrity in this situation look like?
Although this is an extremely unfortunate circumstance, there was a better way to handle the matter. To maintain personal integrity, a person must be honest and loyal to fundamental ethical beliefs and principles. Acting ethically with personal integrity would entail being entirely truthful and informing the public of the situation as soon as it occurred, as opposed to afterward. Even if you are not a fan of Equifax, the fact that its executives sold off a stunning $2 million worth of company stock after learning about the attack late in July, just before it was publicized in September, should be enough to make you angry. Their honesty would be required if they were to act truthfully and ethically. Top executives should not have resigned or retired either, as it demonstrates a lack of personal integrity on the part of the executives. Equifax’s top executives should have stayed with the company during this ordeal rather than taking the easy way out.
How do you think this breach will affect Equifax’s position relative to those of its competitors? How might it affect the future success of the company?
From the moment the attack occurred, the company was aware that its operations would be disrupted, and this concern drove the decision to sell the majority of its stock. If those officials were about to retire, they needed to profit from the situation, which is why they took so long to notify the public of the breach. Equifax’s stock price plummeted after the news, which was the second effect of the hack, and the company’s stock will suffer as compared to its competitors due to the breach. Equifax will see a reduction in the number of customers they have.
Was it sufficient for Equifax to offer online privacy protection to those whose personal information was hacked? What else might it have done?
It was not enough for the impacted consumers to have online privacy protection since it did not end the problem or regain what they had lost. They had the option of compensating the affected customers.
Conclusion
Although the Equifax hack was unprecedented in terms of its breach, it provides valuable lessons for all organizations operating in today’s competitive environment. More information than ever before is being saved in the cloud and other electronic systems, raising the likelihood of a hacker exploiting this information.
References
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3).
Primoff, W., & Kess, S. (2017). The equifax data breach: What cpas and firms need to know now. The CPA Journal, 87(12), 14-17.