Chapter a Securing Information Systems 333
Is the Equifax Hack the Worst Ever-and Why?
CASE STUDY
E quifax (along with TransUnion and Experian) is one of the three main U.S. credit bureaus, which maintain vast repositories of personal and financial data used by lenders to determine c redit-worthiness when consumers apply for a credit carel, mortgage, or other loans.
The company handles data on more than 820 million consumers and more than 91 million businesses world,·vide and manages a database with employee information from more than 7,100 employers, according to its website.
These data are provided by banks and other companies directly to Equifax and the other credit bureaus. Consumers have little choice over how credit bureaus collect and store their personal and financial data.
Equifax has more data on YOLl than just about anyone else. If any company needs airtight security for its information systems, it should be credit reporting bureaus such as Equifax. Unfortunately this has not been the case. On September 7, 201
CASE STUDY QUESTIONS
8-13 Identify and describe the security and control \veaknesses discussed in this case.
8·14 What management, organization, and technology factors contributed to these problems·.’
8·15 Discuss the impact of the Equifax hack
8·16 How can future data breaches like this one bee prevented? Explain your answer
8-17 Describe three spoofing tactics employed in identity theft by using information systems.
8·18 Describe four reasons mobile devices used in business are difficult to secure.
