The Equifax Data Breach in Ethical Point of View
The Equifax data breach occurred between May and July 2017 at Equifax’s American credit bureau [01]. The private records of 147.9 million Americans, 15.2 million British citizens, and about 19,000 Canadian citizens are compromised during the breach. It is referred to as one of the largest cyber-crimes related to identity theft. The data breached included names, home addresses, phone numbers, social security numbers, birth dates, credit card numbers, and driver’s license numbers [02]. Which elements of this case might involve issues of legal compliance? Which elements illustrate acting legally but not ethically? What would acting ethically and with personal integrity in this situation look like?
Issues of legal compliance in the Equifax Data Breach
Equifax had an ethical duty to its customers to maintain personal data with utmost security [03]. They failed in carrying that out by not properly maintaining and securing their system. The company believes that the hackers gained access to its data through a vulnerability in Apache Struts. Equifax know it since March 2017. Still, they did nothing about patching up the vulnerability even after the Apache Software Foundation released the patch.
Another erroneous act committed by Equifax was their failure to renew their public-key certificate, which inspected all encrypted data movement 10 months after it had expired [02]. Due to this expired public-key certificate, the hackers gained access to Equifax’s data from May 13 through July 30. Equifax did not notice it until July 29, 2019.
Equifax also had an ethical duty to inform its customers of the breach as soon as it was discovered [03]. Instead, they waited until a month to share pertinent information about the hack with their customers and investors. Equifax executives were said to not be aware of the breach beforehand despite suspicions that arose when some top-level executives sold stock collectively worth 2.8 million right before the breach was announced. As a result, the stock prices crashed, saving them from a loss of about $117,000 [03].
Issues that are legally correct but not ethically
In addition to Equifax’s unethical withholding of vital information, they directed consumers to check whether the hack had compromised their information on a website they created by submitting important details like their last name and Social Security numbers. They would also have to agree to Equifax’s terms of service and waive their rights to a lawsuit to use the site [02]. While it is within their legal rights to include this clause as a disclaimer, it is ethically incorrect due to the peculiarities of the situation.
The aftermath of the situation: How it affected Equifax reputation and position in the market and its future
The company was said to have spent $1.4 billion on costs to improve their data security after the hack and about 1.38 billion to settle consumer claims resulting from a class-action lawsuit, thereby downgrading their company’s financial rating [02].
What did Equifax do to handle this situation? Was it enough?
Was it sufficient for Equifax to offer online privacy protection to those whose personal information was hacked? What else might it have done? Equifax’s actions seem to indicate their concern for their own interests with no regard for their clients who sought to take adequate protective measures. Customers were still charged a fee by Equifax after being informed of the breach. Equifax’s problems could have been prevented if certain executives had followed the company’s code of ethics, their individual personal values, and common sense [03].
How would this breach affect Equifax’s position relative to those of its competitors? How might it affect the future success of the company? Equifax damaged thier relationship with its customers due to their neglect of ethics and lack of honesty in dealing with clients and investors. As a result, the customers felt violated and deceived. This is due to their lack of concern for their welfare and failure to be transparent.
Check the following reference articles to learn more about the Equifax Data Breach.
- Wikipedia.org. 2021. 2017 Equifax data breach. Retrieved on January 30 2021 from URL
- Fruhlinger, J. (2020, February 12). Equifax data breach FAQ: What happened, who was affected, what was the impact CSO Online. URL
- Business Ethics Advisors, LLC. (2020, July 14). What are the Ethical Implications of the Equifax Data Breach? Business Ethics Advisors | Ethics Experts. URL
- BTS SUGA’s Investigation, Media Response, and Upset Fans
- Ethics in Sales Success
- Positive And Negative Impacts of Nike’s Expansion Strategy
This article is written by:
This article is written and edited by in-house writers and editors. Knowledge Netizen editorial team is committed to providing accurate and informative content. You can cite our articles under the author name "NetizenMe"