Course Material

1. Abstract This is a case study analysis of the 2017 cyber-attack data breach
on
AbstractThis is a case study analysis of the 2017 cyber-attack data breach on Equifax.
Equifax is one of the three main credit reporting agencies in the world. In the summer of
2017, Equifax was involved in a massive data breach that leaked the personal data of over
150 million people. This data included first names, last names, social security numbers,
birth dates, and more. This data affected many citizens from three major countries –
America, the United Kingdom, and Canada. This paper goes into detail about whether
Equifax had proper security in place, and whether they acted negligently with regards to
how they reacted to the data breach. This case study will conclude with suggested solutions
to mitigate and prevent future attacks.IntroductionCredit agencies are companies that
collect data on individuals’ debt and provide a rating based on their perceived credit
worthiness. These ratings directly correlate to the risk the borrower poses to the credit
agencies, which is their estimation of whether the borrower will pay back their loan. They
leverage several different datasets to provide this rating including payment history
(whether one is paying their debts on time), length of credit, balance of credit cards and
loans, and public records. These rating affect one’s ability to receive a loan for purchasing a
car or a house and dictate the overall cost of borrowing the money to the user over the
lifetime of the loan.The extent of personal private information that credit agencies have
access to has forced the government to create federal laws to provide directions and limits
on how the credit agencies can disclose this information (Consumer Financial Protection
Bureau, 2020). There are many types of data collected including one’s name and contact
information (first name, last name, email address, postal address, phone numbers),
government issued identifiers (social security numbers, driver’s license numbers),
demographic information (age, race, gender), payment information (account numbers),
financial information, and more. The Fair Credit Reporting Act protects consumer
information and allows credit agencies to provide credit information only to users
permitted to have it by law.The top three recognized credit bureau’s that are Equifax,
Experian, and TransUnion. Founded in 1899, Equifax is the oldest of the big three credit
bureaus. Equifax is based out of the United States in Atlanta, GA. They manage data on more
than 820 million customers and over 91 million businesses worldwide. Equifax’s company
goal is to help individuals live their financial best by creating economically healthy3 /
4individuals and communities everywhere they do business (Equifax, 2022). On September

2. 17, 2017, Equifax disclosed to the world that it had suffered a data breach of customer
information for more than 150 million people worldwide.The major significance of this
breach was that it leaked valuable personal private information. 147.9 million Americans,
15.2 million United Kingdom citizens, and 19,000 Canadian’s were now at risk of potential
fraud due to account takeovers due to the information leaked. Account takeover fraud is a
form of identity theft allowing an individual to take over a victim’s accounts, which allows
them to request credit cards and change account information. With the stolen account
information, the attacker can perform a full attack on the victim’s identity. Once complete,
the attacker can perform unauthorized transactions and use the credit cards and accounts
as their own, financially stealing from the victim (Lexis Nexis, n.d.).Answer the questions
above make answer it In details at least 3 pages3. Where would you assign accountability
for the breach: the technology (security) team, senior management, CEO, or the Board of
directors?4. How would you characterize Equifax’s response in the wake of the breach?5. In
your view, how should Equifax have prepared for the breach and the subsequent
response?4 / 4Referenceshttps://www.equifax.com/about-equifax/who-we-
are/https://www.equifax.com/privacy/privacy-
statement/https://www.consumerfinance.gov/ask-cfpb/what-is-a-credit-reporting-
company-en-1251/https://wallethub.com/edu/cs/credit-reporting-
agencies/25518https://www.hypr.com/security-encyclopedia/equifax-security-
breachhttps://risk.lexisnexis.com/insights-resources/article/account-takeover-fraud