Case Study 4
Sourabh Rawat
University of the Cumberlands
Mng Ethic & Soc Resp
Dr. Chase Betts
September 16, 2022
Many have been hit by data loss caused by various hacking groups and sophisticated
insider attacks. These data thefts and losses are devastating and can cause irreparable harm to
businesses (Daswani & Elbayadi, 2021). The administration was concerned about these
contractors taking advantage of government systems and, specifically, the data collected by the
contractors and the way it was used. The agency wanted to use this information and access the
data to ensure the public had access to the data and to mitigate the risk of the information being
compromised. All government contracts need to incorporate provisions for information security.
All government contractors that provide services in the federal government are now required to
conduct background checks on potential contract participants before contracting and, as a result,
the number of people applying to work for the federal government has decreased dramatically
(Ramakrishnan et al., 2022).
A Data Breach is a loss of property, personal information, or information that has a
material impact on the company's ability to achieve objectives set out in the policy, the firm's
reputation, the public's confidence in, and trust in the company, its competitors, suppliers, and
customers or the system by which they are all identified, and other stakeholders (Fleury-Charles
et al., 2022). This definition clearly refers to legal matters in that breaches of the data protection
act in many countries are illegal and could be punished severely, up to imprisonment and heavy
fines.
The Equifax Data Breach included data breach records, financial data, and call center
records. The company also provided credit monitoring, fraud detection, and health and safety
tools. These products are not offered with the data breach but are available through the Equifax
Web site. Some employees and the media were notified of the data breach, while other affected
customers received notice via email, call center notices, or online postings (Wang & Johnson,
2018). The parties primarily affected by the Equifax data breach include the victims of
the data breach; the primary business affected by the Equifax data breach is Experian, the
provider of a personal credit report to approximately some million consumers in the United
States. Experian and all third-party service providers are the secondary business affected by the
Equifax data breach. Information security experts say the number of security breaches over the
past decade has been much higher than usual, but the majority of them have been from
financial and healthcare companies.
1.
There are many ways to go about defining a security breach. Clearly, if talking about
something that was intentional, it probably was not an accident or anything like that. However,
there are a lot of other definitions out there. It would have to be intentional but unintentional, or
something that would not have been anticipated. It involves looking not only at the immediate
aftermath of the breach but also at the long-term impact of the breach on the firm, its
stakeholders, and the broader community (Gandhi, 2019). It may be that the executives did not
understand the nature of the information that was being stolen. It may be that they took things
literally. In any case, they should have taken the information seriously and reported the incident
to the appropriate authorities. The second question is asking about the ethical standards and how
they differ from the standards that apply to individuals who work in businesses.
2.
Equifax is one of the world's largest credit reporting agencies. By comparison, the breach
that led to the discovery of the personal information of nearly some million Facebook users, and
a massive attack on Twitter, appears to be the largest of its kind (Wang & Johnson, 2018). The
Equifax data breach began to snowball, revealing that the credit reporting company had indeed
been breached in May and that some million people had had their personal information exposed.
Equifax, which does business in the United States and is a provider of credit monitoring and
other services, said that the hack occurred and that it had taken over five months to confirm that
some sensitive data, including Social Security numbers, had been compromised.
3.
Yes. Equifax had a culture that was very explicit in its practices and in how it enforced its
policies and procedures. Many employees were asked to increase their monthly payments in
anticipation of being granted increased security clearance. For example, one employee, who works
in an I.T. department, was provided with a laptop computer with an encrypted user name and
password and was asked to share passwords with the company (Gandhi, 2019). Another
employee was asked to put down all the accounts in the name of a blind employee, a process that
required signing several forms that contained the passwords to all the accounts, which would
then have been shared with someone else in the company. The CEO was aware of the passwords
but was too concerned with security to take action.
4.
Risk management is an approach to preventing and managing events, including accidents
and other misbehavior. Risk management is used to deal with various types of risks, such as
fraud, hazards and environmental risks (Kabanov et al., 2021). For example, if a building catches
fire, the risk is treating it as an arson hazard and getting the owner of the building to remove the
faulty wiring and replace it. If the owner refuses to comply, then management will ask the client
to pay the cost of repairing the building. At its most simplistic, risk management is about taking
action to minimize the risk.
5.
Most of the respondents indicated they were not aware of any of the companies being
sued for not creating training on ethics. On average, respondents would see ethics training only
once or twice yearly. However, most respondents indicated they were aware of some specific
companies with ethics training programs (Novak & Vilceanu, 2019). The key is to understand
the role ethics plays in corporate risk management and the unique ethics and compliance issues
that each organization must address. However, the organization must realize that ethics, human
dignity, and respect are not mutually exclusive. Failure to provide these values often leads to
ethical dilemmas and negative consequences for the firm and its stakeholders, including its
shareholders, creditors, competitors, and investors. A final note on ethics is that the term is often
synonymous with corporate social responsibility.
References
Daswani, N., & Elbayadi, M. (2021). The Equifax Breach. In Big Breaches (pp. 75–95). Apress.
Fleury-Charles, A., Chowdhury, M. M., & Rifat, N. (2022, May). Data Breaches: Vulnerable
Privacy. 2022 IEEE International Conference on Electro Information Technology (eIT).
Gandhi, H. (2019). Active cyber defense certainty: A digital self-defense in the modern age.
Okla. City UL Rev, 43.
Kabanov, I., & Madnick, S. (2021). Applying the lessons from the Equifax
cybersecurity incident to build a better defense. MIS Q. Exec., 109–125.
Novak, A. N., & Vilceanu, M. O. (2019). “The internet is not pleased”: twitter and the 2017
Equifax data breach. Commun. Rev., 22(3), 196–221.
Ramakrishnan, T., Hite, D. M., Schuessler, J. H., & Prybutok, V. (2022). Work ethic and
information security behavior. Inf. Comput. Secur., 30(3), 364–381.
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax
data breach. Issues in Information Systems, 19(3).