Assignment Instruction
The 2017 "Data Breach at Equifax" case
(HBSP S596 Coursepak) provides an insightful and cautionary tale for managing
cyber risks across a firm at many levels of responsibility. The purpose
of this assignment is to motivate you to read broadly and think deeply
regarding the real causes of the Equifax situation.
The title is the assignment prompt for your
analysis: "Equifax - Why?" (Why did this happen?)
The assignment provides an opportunity to demonstrate your skills in assessing how the principles and insights from the National Association of Corporate Directors' Cyber-Risk Oversight reading were or were not working at Equifax (the NACD PDF is also available for download). You should draw on any part of the NACD full document or other course readings, videos or reference materials that are helpful to demonstrate your original assessment of the actions of the management team and/or the board. Additionally, the Internet is replete with countless articles and assessments of the Equifax incident. You are encouraged to read and also consider any of those that further improve your understanding of the situation. If you choose to draw on any of those sources, you must cite them properly as footnotes or endnotes for your work. You can use any professional style for the citation format. The following provides an example of using the APA format and one of the widely available citation generators for the URL.
Perhaps you write something like: Hacker groups, and even government-supported hacker groups, are recycling spy-grade malware that was created by other governments and leaked or intentionally shared.¹ [No direct quote, but citing a source I read that affirms what I wrote]
Or something like this: As noted by former NSA analysts, "Why would you develop something new when three-letter agencies and other groups are creating just incredible malware that’s fully featured, fully tested, and a lot of times has even already been tested in the wild?"¹ [Includes a direct quote with citation and source.]
¹ Newman, L. H. (2020, February 25). North Korea Is Recycling Mac Malware. That’s Not the Worst Part. Wired. https://www.wired.com/story/malware-reuse-north-korea-lazarus-group/
You do not need to cite the case itself, and you can assume that all case facts are known to the reader. You can simply refer to the case or a fact and say something like "we know ..." and that will be inferred to come from the case. Do properly cite the NACD document as it is an outside source.
Your assignment should be submitted in the format of a 2-page memo to me, single-spaced. The memo should be clear in logical flow, use section headings, be written with precision and succinct clarity, and include your "bottom line" insight from the incident. Endnotes can run over to page 3 if needed. Please do keep your analysis to 2 pages, but don't worry if, when you view it through Canvas' preview, it appears to extend to page 3. It is an occasional known bug for some file
Professional Communication
The work was presented in a clear, organized, logical, and professional way in style. It was free from grammatical errors and professional in tone. It was clear in original work and proper reference to the work of others (if needed).
Quality of Insight
The work demonstrated clear application of the assigned readings to the topic. It provided integrative insights to show original thought at the graduate level.
Any company whose operations involve confidential material about its consumers must prioritize cyber security as part of its operational commitment. A company gains confidence when customers know their data is secure. This was not the case with the Equifax incident, which led to a decline in customer confidence and undermined the anticipated results. Private information of Americans, Europeans, and Canadians was exposed in this security breach. This cyber-attack was considered a serious cybercrime that exposed the victims to identity theft. In the end, the United States Justice Department identified the People's Republic of China as responsible for the security breaches that impacted Equifax. However, there was insufficient proof that China had used the information it had gained through the data breach. Government representatives from China denied any participation in the Equifax data leaks. Therefore, it is critical to evaluate the data breach experienced by Equifax to determine the internal causes behind the security vulnerability: security measures not being followed, data laws being broken, and vulnerabilities left unaddressed, leading to the compromise of clients' data.
Network vulnerabilities have grown so common that only the most remarkable cases, such as the previous Equifax Inc. hack, make the news. The business first disclosed the security breach in 2017 and later estimated that more than 140 million customers were impacted. Numerous pieces of sensitive information on consumers were accessible to hackers (White, 2017). During the inquiry into the breach, Equifax said that it had been told in March that cybercriminals might exploit a weakness in its network but that it did not apply the necessary updates. The assault began when hackers scanned the web for systems with exposures that US-CERT had warned about only days before (Wang & Johnson, 2018). They struck gold with Equifax's arbitration portal, where users could go to contest accusations. The hackers obtained access to three servers by exploiting an Apache Struts weakness, a months-old flaw that Equifax was aware of but failed to address. They discovered details there that gave them access to an additional 48 servers storing private information. The perpetrators remained on Equifax's server for 76 days before being discovered (White, 2017). Further investigation found that the hackers took the data from 51 databases piecemeal to avoid setting off any warnings (Wang & Johnson, 2018). More than two months after the incident began, Equifax discovered it and blocked the criminals' access (White, 2017). Thus, the firm's failure to fix a server weakness ultimately cost it its network security, compromising numerous pieces of sensitive information.
Hostile and anonymous hackers are developing new methods to undermine system security at the same time as the technology for adopting extra security measures progresses. Equifax had a data breach because of the inadequate security mechanisms built into its system. As a result, even though most boards are unprepared for this responsibility, corporate board members are required to ensure cyber security (Zou & Schaub, 2018). In the case of Equifax, significant choices and actions that affected consumers were made before the intrusion. These judgments had a few components related to specific legal compliance concerns (White, 2017). First, Equifax did not fully abide by the rules safeguarding customer information. Second, Equifax neglected to upgrade its web servers and, as a result, left customer information exposed. One example is how, between April 2013 and January 2014, a hacker gained access to credit report information. Additionally, a technical mistake made by Equifax during a software update exposed customer information (White, 2017). Details on W-2 forms were compromised between 2016 and 2017 at the Equifax divisions that maintained the data (White, 2017). In addition to storing certain customer data on a server that was accessible to the public, Equifax used weak passwords to protect its data (Wang & Johnson, 2018). Therefore, judgments and technical mistakes related to security measures, including Equifax's neglect to upgrade its web servers, ultimately caused customers' information to be hacked.
Both data leak laws, which would have required Equifax to notify customers as quickly as possible and to safeguard their data from breaches, and insider trading regulations were broken. This was clear from the cyber safety measures implemented by Equifax (Cowler, 2018). Although Equifax set up security precautions, one may counter that no security code is impenetrable and that every firm is susceptible to hacking (Newcomb, 2017). However, the business did not take further steps to secure the customer data by going above and beyond. For instance, a technological error resulted in the exposure of financial data in February 2017 for clients who used a LifeLock service via Equifax (Wang & Johnson, 2018). The Homeland Security Department warned Equifax on March 8, 2017, of a significant vulnerability in software that Equifax was using (Wang & Johnson, 2018). According to company standards, once the company was notified, the issue should have been remedied within 48 hours (White, 2017). Internal workers, however, neglected to alert the appropriate individual to fix the program proactively. In late March, an internal examination of the Equifax servers failed to detect the unfixed software (Richardson et al., 2019). Data laws were broken through the neglect of the necessary entities within the firm, which failed to proactively address the issue brought forth by the security department.
Corporations' capacity to handle cyber security risk has had ramifications for corporate reputations and executives' professional profiles. Equifax's security flaw will harm its standing in comparison to its competitors. Equifax will lose consumers, and many of them will switch to other services. Consumers' prior faith in Equifax would have been substantially weakened (Richardson et al., 2019). Customers may conduct business with alternative credit reporting organizations that provide superior services. As a result, the company's future prosperity will suffer. Workers may lose their employment as a result of the loss of shares. This might undermine the firm and cause it to fail. In addition, it will be challenging to win back customer confidence. It was insufficient for Equifax to provide people whose private details were compromised with online privacy protection, since the company's image is crucial to its future (Gressin, 2017). It would have been vital for Equifax to offer an explanation along with recompense to the people whose data had been compromised (Newcomb, 2017). The company should have worked hard to identify the hackers and bring charges against them.
It is critical to evaluate the data breach experienced by Equifax to determine the internal causes behind the security vulnerability: security measures not being followed, data laws being broken, and vulnerabilities left unaddressed, leading to the compromise of clients' data. The assault began when hackers scanned the web for systems with exposures that US-CERT had warned about only days before. They struck gold with Equifax's arbitration portal, where users could go to contest accusations. Additionally, judgments and technical mistakes related to security measures, including Equifax's neglect to upgrade its web servers, ultimately caused customers' information to be hacked. Data laws were also broken through the neglect of the necessary entities within the firm, which failed to proactively address the issue brought forth by the security department. Ultimately, corporations' capacity to handle cyber security risks has had ramifications for their clients and for their own corporate capacity.
References
Cowler, S. (2018). Ex-Equifax Executive charged with Insider trading tied to ’17 Breach. Nytimes.com. https://www.nytimes.com/2018/03/14/business/equifax-executive-insider-trading.html
Gressin, S. (2017). The Equifax data breach: What to Do [Ebook]. https://www.penncommunitybank.com/wp-content/uploads/2019/12/The-Equifax-Data-Breach_-What-to-Do-_-Consumer-Information.pdf
Newcomb, A. (2017). A massive Equifax breach could affect half of the U.S. population. NBC News. https://www.nbcnews.com/tech/security/massive-equifax-data-breach-could-impact-half-u-s-population-n799686
Richardson, V., Smith, R., & Watson, M. (2019). Much Ado about nothing: The (Lack of) Economic Impact of Data Privacy Breaches. Journal Of Information Systems, 33(3), 227-265. https://doi.org/10.2308/isys-52379
Wang, P., & Johnson, C. (2018). Cyber-security incident handling: A case study of the Equifax data breach. Issues In Information Systems. https://doi.org/10.48009/3_iis_2018_150-159
White, G. (2017). A Cybersecurity Breach at Equifax left pretty much everyone's financial data vulnerable. The Atlantic. https://www.theatlantic.com/business/archive/2017/09/equifax-cybersecurity-breach/539178/
Zou, Y., & Schaub, F. (2018). Concern but no action. Extended Abstracts Of The 2018 CHI Conference On Human Factors In Computing Systems. https://doi.org/10.1145/3170427.3188510