Question: In July of 2017, Equifax suffered a security breach. It is estimated that over 143 million Americans had their birthdate, social security number, addresses and driver's license numbers stolen. In addition, over 206,000 credit card numbers with PII attached were accessed and ~182,000 people involved in credit card disputes. In the latter cases, customers in the UK and Canada were also affected.
It is said that a patch was not applied to the Apache Struts and that vulnerability allowed the hackers to break in. In addition, the breach occurred between May and July of 2017, but was not reported to the public until September after Equifax had hired Mandiant to do an internal investigation of what had happened.
Also three Equifax executives sold off almost US $1.8 Million of their personal shares a month prior to the public disclosures.
Equifax set up a website for people to use equifaxsecurity2017 website which later was classified as insecure and built almost like a phishing website.
Using what we have learned in this class, write a 2 to 3 page paper that addresses:
• What policies and procedures appear to have been lacking at Equifax?
• Do any of the policies and procedures address what the executives are accused of doing?
• Why did they wait so long to inform the public? Legally what are they required to do?
• How could this have been avoided?
State your premise and supporting arguments, etc. clearly.