Case Study – The Equifax Data BreachIn 2017, from mid-May to July, hackers gained unauthorized access to servers used by Equifax, a major credit reporting agency, and accessed the personal information of nearly one-half the U.S. population. Equifax executives sold off nearly $2 million of company stock they owned after finding out about the hack in late July, weeks before it was publicly announced on September 7, 2017, in potential violation of insider trading rules. The company’s shares fell nearly 14 percent after the announcement, but few expect Equifax managers to be held liable for their mistakes, face any regulatory discipline, or pay any penalties for profiting from their actions. To make amends to customers and clients in the aftermath of the hack, the company offered free credit monitoring and identity-theft protection. On September 15, 2017, the company’s chief information officer and chief of security retired. On September 26, 2017, the CEO resigned, days before he was to testify before Congress about the breach. To date, numerous government investigations and hundreds of private lawsuits have been filed as a result of the hack.
Discussion Questions:Answer the following questions related to the case study:
- Which elements of this case might involve issues of legal compliance? Which elements illustrate acting legally but not ethically? What would acting ethically and with personal integrity in this situation look like?
- How do you think this breach will affect Equifax’s position relative to those of its competitors? How might it affect the future success of the company?
- Was it sufficient for Equifax to offer online privacy protection to those whose personal information was hacked? What else might it have done?