Equifax Data Breach

Equifax Data Breach




Equifax Data Breach


The Equifax Company deals with all the history of the monetary transaction. The company has access to all the files that are uploaded from banks, credits cards, payment of bills, child support and all the information about employers and employees within the United States, Canada, and the United Kingdom. The institution deals with data from all financial institutions and other companies but the personal information was accessed during cyber terrorism and leaked to the public (Gressin, 2017). The company lost a lot of information that belonged to the banks, individuals and other financial institutions to the wrong people. According to the information provided by the CEO of the company, the cyber-terrorists were able to access personal information that belongs to half of the American population. Most of these customers were not even aware that the company has access to all their personal information and most of them did not think that they would fall victims of the crime. The hack took a long time before it was discovered in late July. It is alleged that the company was aware that personal information was getting to the wrong hands but did not take any legal action or protect the information that would make most of the people vulnerable (Kuhn, 2018). It was alleged that the hack was started in March but the company did not do much to stop it. The cyber terrorists leaked the information to the public.

The CEO and the chief security officer had to step down. This came after the justice department found out that the company has been selling personal information and the company had made a lot of profits from this unethical practice (Janakinaram et al, 2018). The personal information that the company received from the financial and other institutions was supposed to be protected and used for the better of the credit companies and the consumers. The company chose to sell personal information and thereby putting the safety of many individuals in danger. When the information was leaked, it became easier for robbers to measure the worth of people and make them targets. The company knew about the breach but waited until they sold shares worth 1.8 billion dollars before they disclosed the information to the public (Wang et al, 2018). The company made an effort to email the customers to check their credit cards and bank statements because the terrorists would have done more than leaking information to the public. It was unethical and illegal for the company to sell information and staying quiet about the situation.

Legal analysis

The company was trusted to keep the data received from third parties. Equifax was obliged to keep the information sacrosanct but instead sold them until they landed in the wrong hands of cyber terrorists. The public was outraged because they feel as though they had not authorized the company and many others to get access to their personal information. But the company needs this information in order to monitor their credit scores. The company plays an important role when analyzing whether individuals are creditworthy. The cyber terrorists were able to get personal information like names, addresses, phone numbers, dates of birth, information on credit cards among other information that the institution had access to. The law under the Fair Credit Reporting Act provides that the institution should protect the information by looking at the precautionary actions that will help the company to safeguard confidential information (Iyamu et al, 2017). The only people who should be allowed to access the data should be cleared and have a valid reason as to why the information is necessary to them (Asad et al, 2018). Equifax was aware that the information was vulnerable but did not take the necessary steps to ensure that they handled the breach.

Equifax did not comply with the provision of the laws that govern the credit monitoring institutions. The company should have worked with the IT and security team to ensure that data is protected when the Apache Struts had problems and made the company exposed to cyber terrorism. The law also allows individuals to claim for remedies from the institution that violates the agreement. Those individuals who were responsible for giving information to third parties should be arrested and charged for criminal penalties (Schwarts, 2017). The justice department should also look into the matter and determine how much the company is supposed to compensate the consumers.

Relevance to the Business Environment

Insight summary

When companies are entrusted by the consumers to protect information that is confidential, they should abide by the law and ensure that it is safeguarded to the later. In reference to the case of Equifax, the management, security team and IT staff should work hand in hand to ensure that the information cannot be tampered with by people who are not authorized. It is rather unethical for an institution that is trusted with confidential information to provide them to third parties for financial gains. Such practices put a lot of people in danger and can ruin the reputation of the company. For the case of Equifax, the company lost the trust of many consumers because of the actions that were in some way linked to leaking the information to third parties and having loopholes that got confidential (Iyamu et al, 2017). Due to the rapid changes that are experienced in the world of technology, cyber terrorists have been able to access a lot of information using the most sophisticated technology. The justice system should take legal action against the institutions that are liable for providing information to the wrong people. It is unethical for the management of companies to take advantage of making more profits by failing to honor what the law obliges them to follow.


The judicial systems should put harsh rules against companies that engage in unethical practices especially providing personal and confidential information to the wrong people. This will go a long way to ensure that the offenders will be charged according to the provision of the law (McCathy et al, 2016). When the punishment for leaking information that is confidential is heightened, those entrusted with the information will handle their errands with more care.

Companies should observe a very high level of ethics in their day to day activities because it will help the company to grow and build the trust of the customers. When the company maintains high standards of ethics the customers’ satisfaction rates will also go higher (Schartz, 2017).

The institutions that are entrusted with information should also embrace the technology and be flexible enough to keep up with the changes. This way the companies will be able to protect the information from landing in the wrong hands. Cyber terrorism will also be reduced since the updated technology will help them to counter their operations (Taylor, 2019). Through regular training, the employees will understand how to adapt and embrace the changes in changes which will also help the company to become more productive and profitable.

The current businesses should also invest in educating the staff about the importance of observing ethics in their places of work. This will help them to handle information with a higher level of confidentiality (Schwartz, 2017). Through training and workshops, the employees will become better and more effective in carrying out their responsibilities.


In recent years, there has been a lot of cases that involve unethical practices in businesses. An example of such practices is the case of Equifax. Many businesses take advantage of their customers in order to make more profits or overpower their competitors. This is a violation of the law and should be charged as criminal offenses. Those who are found guilty should be punished according to the laws of the land so that it can serve as a lesson and a reminder for the rest of the people (Asad et al, 2018). Violation of the legal obligations will lead to a crisis that will make the company lose its customers. The profit margins of the company that engages in unethical practices will also go down.


In conclusion, Equifax Company paid heavily by engaging in unethical practices and providing confidential information to third parties. The CEO and the chief of security were forced to step down because they could not be trusted to carry out their roles. Breech in agreement leads to legal actions and companies that violate them can be forced to pay a lot of money so that the consumers can be compensated. Unethical practices are equally illegal and make the competition in the market unfair. When companies engage in unethical practices like offering personal information to unauthorized people, they expose the company to cyber terrorism and more information can, therefore, be accessed. The law provides that information that is confidential should be protected at all cost and the violation will call for legal action. With reference to the case of Equifax, many of the consumers whom information was leaked sued the company and demanded compensation. This was all because of the breach of contract which could lead to insecurity issues and putting so much on the line.


Asad, M., & Haider, S. H. (2018). Corporate Social Responsibility, Business Ethics, and Labor Laws: A Qualitative Study on SMEs in Sialkot. Journal of Legal, Ethical and Regulatory Issues.

Gressin, S. (2017). The Equifax data breach: What to do. Federal Trade Commission, Washington, DC.

Iyamu, T., & Ngqame, Y. (2017). Towards a conceptual framework for protection of personal information from the perspective of activity theory. South African Journal of Information Management19(1), 1-7.

Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The Effect of a Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing82(2), 85-105.

Kuhn, M. L. (2018). 147 Million Social Security Numbers for Sale: Developing Data Protection Legislation After Mass Cybersecurity Breaches. Iowa L. Rev.104, 417.


Schwartz, M. S. (2017). Business Ethics: An Ethical Decision-making Approach (Vol. 10). John Wiley & Sons.

Wang, P., & Johnson, C. (2018). CYBERSECURITY INCIDENT HANDLING: A CASE STUDY OF THE EQUIFAX DATA BREACH. Issues in Information Systems19(3).

Place an Order

Plagiarism Free!

Scroll to Top