Introduction
With the twenty-first century’s advancement of technology comes the increasing problem of data breaches wherein sensitive information is exposed [1]. Data leakage caused by information exposure which has become a serious problem that cannot be ignored. At the age of today’s rapidly developing information, everyone uses information technology products such as mobile phones and computers, which is to keep up with the times. Numerous vulnerabilities were exploited during the Equifax data attack, worsening the damage. The most significant compromise came from a severe hole in Apache Struts, a popular software framework used in Equifax’s web platforms [2]. But now, With the continuing development of network information technology, our personal information which is all recorded on the Internet. If no measures are taken to protect our online information, the privacy of our information will not be guaranteed. In class, the teacher shared several cases related to the network with us. Among them, the one that impressed me the most was Equifax Data Breach.
Background of the Case
From the content mentioned in class, we learned that“From the material, we can know that Equifax Data Breach, In 2017, Equifax, one of the largest credit reporting agencies in the US, suffered a data breach that exposed personal and financial information of millions of people. This breach resulted in a series of lawsuits. regulatory actions, and congressional hearings.There are two viewpoints here.”There are two different viewpoints. One is that Equifax was negligent in protecting its customer data and should be held responsible for the violation. The other one is that although the data breach of Equifax was indeed a major event, the company is not the only one to be held responsible. I am more inclined to the second viewpoint.
Firstly, let’s analyze why this data breach incident occurred. One of the issues that exacerbated the Equifax data breach was the fact that Equifax’s main product is essentially derived from a database containing many of the US population’s personal and financial information [3]. This product is a huge database. Due to its large quantity and scale, it is inevitable that there will be significant risks involved. Technically speaking, this database itself poses significant risks. To maintain it well requires highly skilled techniques rather than a simple task.
Analysis and Discussion
Findings already demonstrate avenues for designing enhanced transparency and control solutions to empower consumers to take a more active role in monitoring and managing their credit data and financial health [4]. Consumers are also a very important part. If there is insufficient protection for consumers, it will also be a great risk. In addition, cybersecurity program assessment and certifications should address the public communication competency for cyber incident response and handling [5]. From this perspective, insufficient communication skills can also lead to problems. On the one hand, there are loopholes within the enterprise. on the other hand, there is the complexity of technology. Due to the complexity of technology, it makes it more difficult and challenging for the company. Therefore, from technology to management and then to communication, each part is closely linked.
This is not simply a problem with one company, but a result brought about by the joint efforts of multiple parties. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base [6]. If lessons are not learned, it may lead to systemic failure. The string of escalating cyber events should be a warning to business, consumers, regulators and insurance companies about the potential catastrophic damage that can result from a cyber-event [7]. The entire society is confronted with risks related to data. The problem is not only with Equifax. many companies may also be experiencing data breaches and system failures. The company is not the only responsibility. The hackers who carried out this attack are experienced and well-funded. No matter what security measures Equifax takes, they have the potential to find a way to penetrate the company’s defense system. Furthermore, it is important to recognize in today’s digital world. Data breaches are becoming increasingly common and no company can escape them. The severity of data breaches requires society and the law to adapt accordingly and ensure that consumers are protected [8].
Conclusion
The issue of data breach is not the responsibility of a single company, but a systemic challenge that the entire society and legal system need to improve together. Through regulatory improvements, consumers can be better protected. Efforts to educate consumers about financial literacy and identity theft protection should aim to enhance not only the understanding of key financial concepts, but also the aptitude in managing personal finances and making reasonable financial decisions [9]. In the face of data breach incidents like Equifax, not only should enterprises enhance their security protection, but consumers’ own financial awareness and risk prevention capabilities also need to be improved. In this case, it is not solely the responsibility of the company, but rather multiple factors have led to such a result. Regarding cyber security, improvements should be made from legal, educational and social aspects to enable people to use the Internet with greater peace of mind.
References
[1] C. Kenny, “The Equifax data breach and the resulting legal recourse,” Brooklyn Journal of Corporate, Financial & Commercial Law, vol. 13, pp. 215–240, 2018.
[2] J. Craig and J. Kovacic, “Equifax Data Breach 2017,” 2024.
[3] J. Thomas, “A case study analysis of the Equifax data breach,” ResearchGate, Dec. 2019.
[4] Y. Zou and F. Schaub, “Concern but no action: Consumers’ reactions to the Equifax data breach,” in Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–6, 2018.
[5] P. Wang and S.-A. Park, “Communication in cybersecurity: A public communication model for business data breach incident handling,” Issues in Information Systems, vol. 18, no. 2, pp. 1–10, 2017.
[6] D. Kolevski, et al., “Cloud computing data breaches: A review of US regulation and data breach notification literature,” in 2021 IEEE International Symposium on Technology and Society (ISTAS), IEEE, 2021.
[7] K. DiGrazia, “Cyber insurance, data security, and blockchain in the wake of the Equifax breach,” Journal of Business & Technology Law, vol. 13, pp. 255–280, 2017.
[8] G. S. Gaglione Jr, “The Equifax data breach: An opportunity to improve consumer protection and cybersecurity efforts in America,” Buffalo Law Review, vol. 67, pp. 1133–1160, 2019.
[9] D. L. Remund, “Financial literacy explicated: The case for a clearer definition in an increasingly complex economy,” Journal of Consumer Affairs, vol. 44, no. 2, pp. 276–295, 2010.
About Author
