What changes should managers and the board of directors make

Reference no: EM133573444

Discussion Case: Equifax's Data Breach

The credit reporting company Equifax was at the center of a massive data breach affecting over 145 million customers. In 2017, hackers took advantage of a vulnerability in Equifax's website software and stole the personal information, including names, addresses, and Social Security numbers, of as many as 145 million Americans. A separate but related incident at Equifax involved 15 million British citizens who had their records violated from 2011 to 2016. The failure of Equifax's internal reporting and control measures led to a widespread violation of people's rights to the privacy of their personal information and became a huge public relations crisis for the company. Equifax's top lawyer, John Kelley, was investigated by the board of directors for his possible involvement in a cover-up of the hack and his mishandling of the situation. Kelley was responsible for approving the sales of company stock by executives after the breach was discovered, but before it had been revealed to the public. Upon the disclosure of the breach, company stock price fell 14 percent. Investors sold approximately $4.5 billion (25 percent) of the company's market value after the hack was made public.

More than 10 million Americans had their driver's license data exposed during the hack. Many people who had provided their driver's license information to the company were simply verifying their information in order to receive credit reports and ratings from Equifax. Some had entered their information on the company's web page in an effort to settle credit report disputes. The credit report dispute web page had been particularly vulnerable to security breaches. Equifax CEO Richard Smith admitted during congressional hearings that he and other executives had been aware of the security weaknesses, but that a single employee at the firm had not properly heeded security warnings and did not ensure the implementation of software fixes. Smith added that there was a failure in their software systems designed to scan for the absence of "patches" necessary to protect private information.

Other internal control mechanisms at Equifax appeared to have been either ignored or dysfunctional. Frederick Lemieux, director of Georgetown University's graduate program in Applied Intelligence, blamed the breach on what he called "passive complicity" in the firm's culture. (Complicity means being involved in wrongdoing; passive complicity implies that executives were guilty of wrongdoing by not actively preventing it.) That top executives seemed to worry more about their own stock portfolios than the security of their customers' personal information was troubling to many ethics experts. Observers also criticized the company for its delay in going public about the breach. Finally, it appeared that knowledge of the potential for hacking was isolated to only one employee. A more robust system where multiple individuals were responsible for preventing a problem might have avoided the hack. Unlike banks, credit reporting agencies are relatively lightly regulated, and they typically rely on internal systems to maintain security. Lemieux stated, "there is no incentive to comply with the best industry practices and no incentives to spend [funds on these programs] because you're not accountable for it." He noted that credit reporting agencies did not face the same financial or legal consequences that banks or other businesses, like Target or Home Depot, encountered when hacked. Pamela Pressman, president of the Center for Responsible Enterprise and Trade, said that the breach should remind Equifax and other firms to train their employees and raise awareness about proper "cyber hygiene . . . ensuring that your employees, your contractors, your vendors-those people that have access to your network and your data-understand their role in protecting the network and protecting the data."

The cyberattack on Equifax was potentially more dangerous than other hacks in recent history because credit-reporting agencies played a significant role in determining who received financing and ultimately, how much credit they received. The data collected by these agencies was needed for applying for credit cards, loans, and background checks. The attack was conducted in one major maneuver, which facilitated the hackers' ability to use the data for their own purposes. This breach could lead to problems for small financial institutions, like community banks and credit unions, which typically relied on information collected by the credit-reporting firms to determine their loan decisions. Larger financial institutions were more likely to collect additional information from applicants, which made them less vulnerable.

Days after the company discovered the breach, CFO John Gamble and two other top Equifax executives reportedly sold a combined $1.8 million worth of shares of the company, but all three denied knowing of the hack when they made the transactions, despite evidence to the contrary. CEO Smith stepped down from his post following these events.

Smith had been in charge since 2005. The Federal Bureau of Investigation investigated Equifax's handling of the situation as well as the actions of the top executives. When testifying before Congress, Smith downplayed the severity of the situation and the factors that facilitated the breach. He repeatedly blamed an IT worker who did not implement software remedies after Equifax executives had been warned of possible holes in Equifax's website security by the U.S. Department of Homeland Security.

Equifax hired FireEye's Mandiant group to investigate the breach. The Mandiant report determined that approximately 2.5 million additional U.S. consumers were potentially impacted, for a total of 145.5 million. Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables. Instead, this additional population of consumers was confirmed during Mandiant's completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.

The review also has concluded that there is no evidence the attackers accessed databases located outside of the United States. Equifax claimed they learned of hacking activity in May 2017, but the Mandiant report said the hack started two months earlier. Company executives did not formally disclose the breach until September 2017, however. They admitted that the hack was conducted from May through July 2017. The identity of the hackers was never disclosed.

Answer the following questions:

Did the company react appropriately upon learning about the breach? Why or why not? Give examples from other similar situations.

How could the company have avoided this breach?

What type(s) of ethical climate existed at Equifax, and did this contribute to the hacking issues there?

What changes should managers and the board of directors make now to reduce the likelihood of an incident like this from occurring in the future?

What types of ethics training would you recommend for Equifax employees in the future to prevent such corrupt behavior?
