In May 2017, it was revealed that Equifax joined other high-profile companies, including Marriott, Home Depot Inc., Target Corporation, Anthem, Blue Cross, and Yahoo!, as a victim of cyberattacks. Equifax is one of the largest credit-rating companies in the United States; it operates or has investments in 24 countries and employs over 11,000 employees worldwide." Hackers gained access to the Equifax network in May 2017 and attacked the company for 76 days. In July, Equi- fax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems. This was 76 days after the initial attack. Hackers accessed Social Security numbers, dates of birth, home addresses, and some driver's license numbers and credit card numbers, impacting over 148 million people. The company's security system did not keep up with corporate growth, and Equifax failed to modernize the system. According to the report, the company did not take action to address vulnerabilities that it was aware of prior to the attack. According to Equi- fax, hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638, which was disclosed back in March 2017. There were clear and simple instructions for how to fix the problem from the software provider, Apache. to the recommenda Apache, software patches were made available in March, two months before hackers began accessing Equifax data. In addition to the previously mentioned vulnerability, the hackers found a file containing unencrypted usernames and passwords. They also found an expired security certifi- cate on a device for monitoring network traffic. This discov- ery indicated that Equifax did not detect the data theft. The Government Accountability Office (GAO) report indicated that the hack took place because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attackers direct and easy access to customer data. As part of fixing the security issues, the company hired a new chief information security officer, Jamil Farshchi, and invested $200 million on data security infrastructure.68 Answer the following questions: 1. Which vulnerability enabled hackers to breach the security system at Equifax? 2. Was the breach preventable? Discuss. 3. How will the company stop future attacks?

Understanding Business
12th Edition
ISBN:9781259929434
Author:William Nickels
Publisher:William Nickels
Chapter1: Taking Risks And Making Profits Within The Dynamic Business Environment
Section: Chapter Questions
Problem 1CE
icon
Related questions
Question
**Case Study 5-2: Security Breach at Equifax**

**Finance | Technology in Society | Application | Social and Ethical Issues | Global**

In May 2017, it was revealed that Equifax joined other high-profile companies, including Marriott, Home Depot Inc., Target Corporation, Anthem, Blue Cross, and Yahoo!, as a victim of cyberattacks. Equifax is one of the largest credit-rating companies in the United States; it operates or has investments in 24 countries and employs over 11,000 employees worldwide.

Hackers gained access to the Equifax network in May 2017 and attacked the company for 76 days. In July, Equifax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems. This was 76 days after the initial attack. Hackers accessed Social Security numbers, dates of birth, home addresses, and some driver’s license numbers and credit card numbers, impacting over 148 million people. The company’s security system did not keep up with corporate growth, and Equifax failed to modernize the system. According to the report, the company did not take action to address vulnerabilities that it was aware of prior to the attack. According to Equifax, hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638, which was disclosed back in March 2017. There were clear and simple instructions for how to fix the problem from the software provider, Apache.

It was the responsibility of Equifax to immediately follow the recommendations offered by Apache. According to Apache, software patches were made available in March, two months before hackers began accessing Equifax data. In addition to the previously mentioned vulnerability, the hackers found a file containing unencrypted username and passwords. They also found an expired security certificate on a device for monitoring network traffic. This discovery indicated that Equifax did not detect the data breach early.

The Government Accountability Office (GAO) report indicated that the hack took place because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attackers direct and easy access to customer data. As part of fixing the security issues, the company hired a new chief information security officer, Jamil Farshchi, and invested $200 million on data security infrastructure.

**Answer the following questions:**

1. Which vulnerability enabled hackers to breach the security system at Equifax?
2. Was the breach preventable? Discuss.
3. How will the company stop future
Transcribed Image Text:**Case Study 5-2: Security Breach at Equifax** **Finance | Technology in Society | Application | Social and Ethical Issues | Global** In May 2017, it was revealed that Equifax joined other high-profile companies, including Marriott, Home Depot Inc., Target Corporation, Anthem, Blue Cross, and Yahoo!, as a victim of cyberattacks. Equifax is one of the largest credit-rating companies in the United States; it operates or has investments in 24 countries and employs over 11,000 employees worldwide. Hackers gained access to the Equifax network in May 2017 and attacked the company for 76 days. In July, Equifax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems. This was 76 days after the initial attack. Hackers accessed Social Security numbers, dates of birth, home addresses, and some driver’s license numbers and credit card numbers, impacting over 148 million people. The company’s security system did not keep up with corporate growth, and Equifax failed to modernize the system. According to the report, the company did not take action to address vulnerabilities that it was aware of prior to the attack. According to Equifax, hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638, which was disclosed back in March 2017. There were clear and simple instructions for how to fix the problem from the software provider, Apache. It was the responsibility of Equifax to immediately follow the recommendations offered by Apache. According to Apache, software patches were made available in March, two months before hackers began accessing Equifax data. In addition to the previously mentioned vulnerability, the hackers found a file containing unencrypted username and passwords. They also found an expired security certificate on a device for monitoring network traffic. This discovery indicated that Equifax did not detect the data breach early. The Government Accountability Office (GAO) report indicated that the hack took place because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attackers direct and easy access to customer data. As part of fixing the security issues, the company hired a new chief information security officer, Jamil Farshchi, and invested $200 million on data security infrastructure. **Answer the following questions:** 1. Which vulnerability enabled hackers to breach the security system at Equifax? 2. Was the breach preventable? Discuss. 3. How will the company stop future
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 5 steps

Blurred answer
Recommended textbooks for you
Understanding Business
Understanding Business
Management
ISBN:
9781259929434
Author:
William Nickels
Publisher:
McGraw-Hill Education
Management (14th Edition)
Management (14th Edition)
Management
ISBN:
9780134527604
Author:
Stephen P. Robbins, Mary A. Coulter
Publisher:
PEARSON
Spreadsheet Modeling & Decision Analysis: A Pract…
Spreadsheet Modeling & Decision Analysis: A Pract…
Management
ISBN:
9781305947412
Author:
Cliff Ragsdale
Publisher:
Cengage Learning
Management Information Systems: Managing The Digi…
Management Information Systems: Managing The Digi…
Management
ISBN:
9780135191798
Author:
Kenneth C. Laudon, Jane P. Laudon
Publisher:
PEARSON
Business Essentials (12th Edition) (What's New in…
Business Essentials (12th Edition) (What's New in…
Management
ISBN:
9780134728391
Author:
Ronald J. Ebert, Ricky W. Griffin
Publisher:
PEARSON
Fundamentals of Management (10th Edition)
Fundamentals of Management (10th Edition)
Management
ISBN:
9780134237473
Author:
Stephen P. Robbins, Mary A. Coulter, David A. De Cenzo
Publisher:
PEARSON