Case: Equifax

Case: Equifax

 

In the summer of 2017, it was revealed that Equifax, a massive credit reporting bureau managing the credit rating and personally-identifying information of most credit-using Americans, had suffered a severe security breach affecting 143 million Americans. Among the data stolen in the breach were social security and credit card numbers, birthdates, addresses, and information related to credit disputes. The scale and severity of the breach was nearly unprecedented, and to make things worse, Equifax’s conduct before and after the announcement of the breach came under criticism.

For example, the website created by a public relations consulting firm to handle consumer inquiries about the breach was itself riddled with security flaws, despite requesting customers to submit personally-identifying information to check to see if they were affected. The site also told consumers that by using the site to see if they were affected, they were waiving legal rights to sue Equifax for damages related to the breach. The site, which gave many users inconsistent and unclear information about their status in the breach offered to sell consumers further protection services from Equifax, for a fee.

Soon it was learned that Equifax had known of the May 2017 breach for several months before disclosing it. Additionally, the vulnerability the attackers exploited had been discovered by Equifax’s software supplier earlier that year; that company provided had been discovered customers in March 2017. Thus, Equifax had been notified of the vulnerability, and given the opportunity to patch its systems, two months before the breach exposed 100 million Americans to identity theft and grievous financial harm.

Later, security researchers investigating the general quality of Equifax’s cybersecurity efforts discovered that on at least one of Equifax’s systems in Argentina, an unsecured network was allowing logins with the eminently guessable admin/admin combination of username and password, and giving intruders ready access to sensitive data including 14,000 unencrypted employee usernames, passwords, and national ID numbers.

Following the massive breach, two high-ranking Equifax executives charged with information security immediately retired, and the Federal Trade Commission launched an investigation of the Equifax for the breach. After learning that three other Equifax executives had sold almost two billion dollars of their company stock before the public announcement of the breach, the Department of Justice opened an investigation into the possibility of insider trading related to the executive’s prior knowledge of the breach. 

Case Questions

For this assignment, you will submit a voice-over PowerPoint presentation. The presentation should include an introduction, conclusion, and reference slides. In addition, the presentation should include 3 to 5 slides of content based on supplemental research using scholarly resources. At a minimum, your presentation should answer the following questions. In addition, you should address two to three additional concepts based on your research. Site all sources using APA formatting.

  1. What significant ethical harms are involved in the Equifax case, both in the short-term and the long-term? Who are some of the different stakeholders who may be harmed, and how?
  2. What do you imagine might be some of the causes of Equifax’s failure to adopt more stringent cybersecurity protections and a more effective incident response? Consider not just the actions of individuals, but also the larger organizational structure, culture, and incentives.
  3. If you were hired to advise another major credit bureau on their information security, in light of the Equifax disaster, what are three questions you might first ask about your cybersecurity practices and their ethical values in relation to cybersecurity? Why?
  4. In what ways could an organizational culture of thinking about the ethics of cybersecurity potentially have presented the Equifax breach or reduced its harmful impact? 

Assignment Submission

  • Draft 3 – 5 PPT slides of content including the recorded voiceover (The presentation should include an introduction, conclusion, and reference slides.) 
  • Utilize at least three (3) cited outside sources, using APA citation format
  • Submit your completed assignment to Canvas

View RubricAssignment RubricAssignment RubricCriteriaRatingsPtsContent Qualityview longer description15 ptsFull MarksApply knowledge from coursework and/or outside resources in a manner that is coherent, thorough, and relevant to the topic. Clearly explain your argument/point. Provide evidence to support your argument/point.0 ptsIncomplete/not demonstrated/ 15 ptsOrganization and Presentationview longer description3 ptsFull MarksFollow basic rules of strong presentation skills, including a clear agenda, logical organization and transitions, clear and appealing slides, and recap of main points.0 ptsIncomplete/not demonstrated/ 3 ptsCitations and Spellingview longer description2 ptsFull MarksUse Proper APA formatting when citing your sources. Base your ideas on research or theory. When you use someone’s words exactly, quote, and cite. Check your document for proper grammar, formatting, and spelling.0 ptsIncomplete/not demonstrated/ 2 ptsTotal Points: 0

Choose a submission type

Submission type Upload, currently selectedUploadMore submission optionsMoreTake a Photo via WebcamSubmit file using WebcamWebcamSubmit file using Canvas FilesCanvas Files
 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>