All case studies

Case study

Equifax

May 2018

Equifax Data Breach Scandal

# I. What happened?

On September 7, 2017, the US-based consumer credit reporting agency Equifax announced that a cyber-attack on its computer systems between May and July 2017 had enabled hackers to access the personal data of about 143 million people in the US. By September 21, Equifax shares had plummeted by 33 percent following reports that the cyber criminals had been able to access full names, social security numbers, birth dates, and addresses, allegedly leaving consumers vulnerable to identity theft.

Although the attack reportedly began in mid-May, the CEO of Equifax claimed that the company had only discovered the breach on July 29, 2017.

A week after Equifax announced the data breach in the US, the security of the internal portal of Veraz, the company’s Argentinian operation, was found to be vulnerable, as the records of thousands of customers could allegedly be accessed by using the word “admin” as both the login and password. It was claimed that the weakness could lead to a breach of the personal data of more than 100 employees and 14,000 customers from Argentina.

Equifax’s troubles worsened when it came to light that its Chief Financial Officer and two other senior executives had sold shares in the company worth USD 1.8 million on August 1, 2017, just days after Equifax discovered the cyber-attack, and more than a month before the breach was made public. The discovery prompted the US Department of Justice (DOJ) to launch an investigation into the possible violation of insider trading regulations. On September 15, the company’s Chief Information Officer and Chief Security Officer announced that they would be resigning with immediate effect. One week later, on September 26, 2017, Equifax’s CEO also announced his resignation.

On October 2, 2017, Equifax admitted that 145.5 million Americans had been affected by the US data breach, 2.5 million more than previously thought. Two weeks later, Equifax announced that the breach had affected approximately 694,000 customers in the UK, as well as clients in Canada.

Please enter your details to read this case study

Continue
Receive our latest research, insights, news, and more
Sign up to mailing list