Equifax Data Breach Analysis

Equifax Data Breach

Introduction

The Equifax Data breach of May–July 2017 breach gained a lot of news in the end of third quarter of 2017 with Equifax’s press release in September and further revelations on the extent and impact of the breach in October. Equifax was affected by a cyber-security breach leading to a compromise of 145.5 million Americans’ personal data, including their names, Social Security numbers, birth dates, addresses, and driver license numbers.  The press release and the later findings showed a huge amount of callousness and oversight by Equifax. Reports published in October 2017 showed that Equifax ignored warnings of security breach in December 2016 and did not take up immediate corrective measures after a breach in March 2017. The data theft that occurred in May 2017 and supposedly observed in July 2017 was not made public till September 2017 under the pretext of trying to evaluate the extent of data loss and estimate the number of people affected by the breach.

Data breaches of such magnitude tend to have higher impact on the lives of people affected in comparison to theft of login credentials of specific accounts because the data lost in such breaches can clearly establish the complete identity of the people and aid cybercriminals in easily creating fake identities of them to open bank accounts, transfer funds, apply for loans and credit cards, and create havoc in their lives. Apart from people, a lot of financial institutions, e-commerce businesses, real estate developers, airlines and hotels would be impacted financially with fake identities involving in multiple bogus transactions.

Recommendation

The current situation calls for a lot of measures from Equifax. The most important step is to come out clean with the customers and explain the actual extent and impact of the breach. A lot of companies try to underplay the situation to save their image, but it is very important to be honest and give out the complete details. This will help the organization in working on the remedies and will help people to take up necessary steps to protect their identity and data. The next step should be to take up measures to win back customers. Looking at the Equifax case, they provided an option of controlling access to their personal credit data to all their customers. Credit freeze for free for 30 days was an offering that helped retain some percentage of the grieved customers. However, beyond all such measures, the most important measure to consider would be to convince the customers that you have taken all necessary steps to prevent another data breach in the future. Organization’s IT infrastructure and security standards and protocols needs to be reviewed and necessary changes must be implemented at the earliest. A large part of this involves educating customers and employees to understand their rights and duties and ensure that a slight deviation in the policies or procedures is highlighted and necessary steps are taken.