Skip to main content

Equifax Response

 

On September 7, 2017 Equifax announced the cybersecurity incident to the public in the form of a press release. The company stated that the information that was breached included names, social security numbers, birth dates, addresses and some driver's license numbers. They revealed that they discovered the breach on July 29, 2017 and acted to immediately stop the intrusion. The company partnered with an independent cybersecurity firm to determine how many people were impacted and how much data was breached. Also, they reported the crime and are working with the authorities to determine who is behind the attack and how it happened. Equifax made the website, www.equifaxsecurity2017.com, so that customers could determine whether their information was impacted as well as signing up for free credit monitoring and identity theft protection. The chairman and CEO, Richard Smith, apologized to the consumers for the breach. He stated, "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.  We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident."

The company released another press release on September 15th and stated that the Chief Information Officer and Chief Security Officer were retiring. They appointed Mark Rohrwasser and Russ Ayres to take their places. The company informed the public that they were still working with law enforcement in the ongoing investigation. They disclosed that the hackers were able to access the data through the a vulnerability in the Apache Struts and were able to access the data from May 13th until July 30th. They included all of the new changes that they put in place to support the customers that were potentially exposed. They created the website, offered free credit monitoring and identity theft protection, set up a call center and refunded the consumers who paid to put a freeze on their account on and/or after September 7, 2017. 

 
Richard Smith

September 26, 2017 Equifax announced that Chairman and CEO, Richard Smith, will be retiring. Mark Feidler was appointed was appointed Chairman and Paulino do Rego Barros, Jr. was appointed interim CEO. Feidler stated that that the company is still deeply concerned about the incident and apologized again on behalf of the company. The company formed a Special Committee Board that would be solely focused on the issues arising due to the incident. Smith stated that it was an honor to have been the CEO and believes it is best for him to step down, "The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right.  At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

Paulino do Rego Barros Jr. (left) and Mark Feidler (right)

October 2, 2017 Equifax released its final press release regarding the cybersecurity incident. They announced that the firm concluded it's investigation. The interim CEO stated that the results would be promptly released and he will personally continue to monitor the process on a daily basis. Barros apologized again to the public for the incident and stated that the company will take numerous actions and steps to improve their security. 

I have decided to use the Situational Crisis Communication Theory to analyze the response that Equifax used. It is clear that the company used the "deal" response. They expressed their concern to the public, offered compensation for the incident, admitted that they are filled with regret and feel bad about the crisis, and apologized several times. I think that the company should have taken full responsibility for the incident. They did not take responsibility for not updating their software which ultimately led to the breach. The company decided to ignore the "who is to blame" factor and did not choose to comment about why it took them so long to let the public know about the breach. There seems to be a lot left unsaid about the incident from the company's side of things. I do not believe that their apology was enough to keep their current customers or attract new ones. I could see the company shutting down in the future. 


References

Equifax Inc. (2017, October 2). Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation Of Cybersecurity Incident. Retrieved November 10, 2020, from https://investor.equifax.com/news-and-events/press-releases/2017/10-02-2017-213238821

Equifax Inc. (2017, September 15). Equifax Releases Details on Cybersecurity Incident, Announces Personnel Changes. Retrieved November 10, 2020, from https://investor.equifax.com/news-and-events/press-releases/2017/09-15-2017-224018832

Equifax Inc. (2017, September 26). Equifax Chairman, CEO, Richard Smith Retires; Board of Directors Appoints Current Board Member Mark Feidler Chairman; Paulino do Rego Barros, Jr. Appointed Interim CEO; Company to Initiate CEO Search. Retrieved November 10, 2020, from https://investor.equifax.com/news-and-events/press-releases/2017/09-26-2017-140531280

Equifax Inc. (2017, September 7). Equifax Announces Cybersecurity Incident Involving Consumer Information. Retrieved November 10, 2020, from https://investor.equifax.com/news-and-events/press-releases/2017/09-07-2017-213000628


Comments

  1. Hi Wetzel,

    I loved the blog post and all the information shared about Equifax’s response to the cybersecurity breach. This post caught my eye the most because the company lost personal information on nearly 147 million people. Do you think the company was able to retrieve all the personal information lost? Also, I want to know how if the company took the time to update the system and stop any additional hacks. I just find it confusing how a 22 billion dollar company managed to lose the personal information of their customers. There should be some form of practice put in place to prevent any hacking from going on within the network.

    ReplyDelete
  2. It's a consistent trend for these big corporations to be late with a statement or aren't taking responsibility for their lack of service. Besides having people's identities at jeopardy, a late statement or lack of accountability wouldn't attract or keep customers. Do you think companies should be more honest and be held accountable for their actions even if that means a plethora careers could be ended?

    ReplyDelete

Post a Comment

Popular posts from this blog

History of Equifax

Equifax was founded in 1899 in Atlanta, Georgia by Cator and Guy Woolford. The company's original name was the Retail Credit Company. Equifax became a publicly owned company in 1965. Today, Equifax operates globally with branches in the UK, Europe, South Africa, and 21 other countries. The company's main goal is to power the world with knowledge. They always have their customer's best interests at heart and focus all of their efforts on them. They offer financial services and advice to consumers in all stages of life. Whether they are entering college, buying their first home, managing a business, or preparing for retirement. The company claims that they are the credit experts. Their purpose is "to help people live their financial best".  Equifax has a negative past. During the company's early years, they collected tons of data on consumers and turned the information over to banks and insurance companies. The data included marital troubles, rumors, people'...