WK 5 Discussion
School
Pierce College
Course
MNGT 186
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
5
Uploaded by MagistrateOtter5980
Introduction:
The Equifax data breach represents one of the most significant cybercrimes
impacting the financial services industry. This background paper analyzes the Equifax
case, including the crime, the perpetrators, motive, methods employed, victims,
object of the crime, and the outcome of the investigation/prosecution. Furthermore, it
provides recommendations for organizations in the industry to protect themselves
from similar cybercrimes.
Summary of the Case:
In September 2017, Equifax, one of the largest credit reporting agencies in the United
States, experienced a massive data breach that compromised the personal
information of approximately 147 million consumers. The breach lasted for several
months before it was discovered and reported, making it one of the most severe
cybersecurity incidents in history.
Perpetrators and Motive:
The breach was attributed to a group of cybercriminals whose identities remain
unknown. Their primary motive was financial gain through the exploitation of the
compromised data. The stolen information, including names, Social Security
numbers, birth dates, addresses, and in some cases, driver's license numbers,
provided valuable assets for identity theft, fraud, and other malicious activities.
Methods Employed:
The perpetrators exploited a vulnerability in Equifax's Apache Struts web application
software to gain unauthorized access to the company's network. By exploiting this
vulnerability, they were able to establish a persistent presence within Equifax's
systems and exfiltrate sensitive data undetected. The attack was executed through a
combination of techniques, including reconnaissance, network probing, and malware
deployment.
Victims and Object of the Crime:
Equifax was the primary victim of this cybercrime, facing severe reputational damage
and financial losses due to the incident. However, the breach had a far-reaching
impact on the individuals whose personal information was compromised. The victims
faced an increased risk of identity theft, fraudulent activities, and unauthorized access
to their financial accounts, potentially leading to significant financial and emotional
distress.
Investigation and Prosecution Outcome:
Following the discovery of the breach, Equifax launched an internal investigation and
cooperated with law enforcement agencies, including the Federal Bureau of
Investigation (FBI). The investigation aimed to identify the perpetrators and determine
the extent of the damage. While the identity of the cybercriminals remains unknown,
the investigation resulted in various security enhancements and regulatory actions
against Equifax.
In 2019, Equifax reached a settlement with the U.S. Federal Trade Commission
(FTC), the Consumer Financial Protection Bureau (CFPB), and state attorneys
general, requiring the company to pay a significant fine and implement a
comprehensive data security program. Additionally, several individual lawsuits were
filed against Equifax, resulting in a multimillion-dollar settlement to compensate
affected consumers.
Recommendations for Organizations:
To protect themselves from similar cybercrimes, organizations in the financial
services industry should consider the following recommendations:
1. Robust Cybersecurity Infrastructure: Implement a comprehensive cybersecurity
framework that includes regular vulnerability assessments, network monitoring,
intrusion detection systems, and incident response plans. Stay up-to-date with
software patches and security updates to mitigate known vulnerabilities.
2. Data Protection Measures: Utilize strong encryption methods to safeguard
sensitive data both at rest and in transit. Implement multi-factor authentication,
access controls, and segregation of critical systems to limit unauthorized access.
3. Employee Training and Awareness: Provide cybersecurity training to employees,
emphasizing the importance of identifying and reporting potential security threats
such as phishing emails and social engineering attempts. Encourage a culture of
security awareness throughout the organization.
4. Third-Party Risk Management: Conduct thorough due diligence on third-party
vendors and partners who handle sensitive data. Implement contractual obligations
for data security and regularly assess their compliance with cybersecurity standards.
5. Regulatory Compliance: Stay informed about relevant laws, regulations, and
industry best practices. Maintain compliance with data protection and privacy
regulations, such as the General Data Protection Regulation (GDPR) and the
California Consumer Privacy Act (CCPA).
Conclusion:
The Equifax data breach serves as a stark reminder of the strategic threat cybercrime
poses to organizations in the financial services industry. By adopting a proactive and
comprehensive approach to cybersecurity, implementing robust data protection
measures, providing employee training, managing third-party risks, and staying
compliant with relevant regulations, organizations can enhance their ability to prevent
and mitigate the impact of similar cybercrimes.