Site icon Compliance Culture

Compliance lessons to learn from the 2017 Equifax cybersecurity breach

Equifax is one of the major US-based consumer credit reporting agencies. It operates globally and due to their nature of its business, maintains sensitive and personal information on more than 800 million individuals and more than 80 million organizations.

In September 2017, Equifax announced that it had experienced a cybersecurity intrusion in July 2017 which impacted the data of up to 200 million consumers from the US, Canada, and the UK. The handling of this breach by Equifax was widely criticized and questioned. Among the controversial aspects of it were the two month delay in publicizing it, the lack of specific information about the data compromised, the inadequate and possibly even unsafe system and support provided for impacted consumers, and the perception of possible insider trading by company executives in the days after the breach took place but before it was public.

As the problematic response to this cybersecurity incident unfolded, Equifax’s various blunders and missteps in the public handling of the situation formed a guide for worst practices in such a scenario. As the dialog around Equifax’s response has shown, poor crisis management in the public eye only compounds the consumer protection problems.

Given the ever-increasing risks surrounding cybersecurity, compliance professionals and individuals interested in cybersecurity risk management can take many cues from the above on what not to do in such a situation from Equifax. Hopefully as organizations continue to live with the risk of such intrusions, and improve their control frameworks to prevent and mitigate them, they also pay attention to the public responses in such situation, to make sure that the statements made and guidance provided are adequate and accurate.

Exit mobile version