Information Systems and Equifax Data Breaches

Information Systems and Equifax Data Breaches
Student’s Name
Institution
Information Systems and Equifax Data Breaches
Introduction
From a general perspective, information systems (IS) can be viewed as the collection and coordination of processes that gather, store and process input as data to produce information as output that can then be used in decision making. With the introduction of computer systems, organizations and businesses have taken the concept of information systems a notch higher, with virtually every aspect of operations thriving on IS. At the core of an IS is the computer hardware and software, supported by telecommunication technologies, databases systems, and most importantly, the human resource, otherwise referred to as human-ware in a more technical term. Up to date, numerous IS have emerged and can be categorized into two broad categories; support of business operations and management support systems (Al-Mamary et al., 2014).
Information systems have come in handy in streamlining operations in organizations of the contemporary era. It has also led to improved efficiency and productivity as organizations take advantage of the efficient and swift nature of computerized systems. With the help of a database system, all the business activities can be tracked using logs and analytics, meaning an increased ability make sound business decisions. There is a whole lot of benefits associated with the use of an IS in an organization, both for management and business operations. However, IS poses a challenge too to organizations. The mere fact that IS relies on information technology (IT) that is exposed to various forms of threats is a major cause for concern for the organizations. Information security that goes hand in hand with data privacy is a major problem associated with IS, and some notable global organizations such as Equifax have had to battle with the inherent threats.
Threats to Information Security
Information Systems, by being reliant on IT, are susceptible to attack by malicious actors and other security threats. From a technical perspective, a threat is any piece of software, human or natural, that has the potential to cause harm to an information system and is only possible through the exploitation of a vulnerability, that is, a weak point in the security system (Stankov & Tsochev, 2020). Digital systems have become part and parcel of human daily living and the concept of IS in the corporate world has led to the emergence of companies that collect enormous amounts of personalized information including biodata, financial information, health information, and paycheck, among other personalized data (Linkov et al., 2019). Such information is a goldmine for malicious hackers, who are working tirelessly to identify the vulnerabilities in information systems, cause massive disruption, and possibly make fortunes. This can be achieved through a ransomware attack or simply putting the market to a halt and influencing the behavior of the market. The unfortunate reality about the security of IS is that a threat actor is always one vulnerability away from exploiting a system. On the other hand, a security system needs to ensure that all the loopholes have been well taken care of, giving the threat actors an upper hand.
There have been numerous incidences of attacks on information systems of various multinational organizations, and large volumes of personalized information have fallen into the hands of malicious users. Yahoo, Facebook Inc., with the Cambridge Analytica scandal, Twitter, Myspace, and Home Depot, to mention but a few are some of the organizations whose digital systems have once or on multiple occasions been compromised. From an information systems perspective, the tragedy that befell Equifax Inc. in 2017 is a perfect example.
Equifax Inc. Company Profile
Equifax Inc. is an American multinational data analytics and technology company that was founded in 1898 by Cator and Guy Woolford (Equifax, n.d.). It is one of the largest consumer Credit Reporting Agencies (CRA) in the United States, among the big three offering commercial credit information to customers across the globe, and has diversified its business operations to incorporate payment services, software, modeling, analytics, and consulting, among other things. Millions of transactions are facilitated by Equifax on daily basis, with the company having over 300,000 customers across the globe (Equifax, n.d.). The company has its operations in 24 countries across all continents except Africa, with over 11,000 employees.
Equifax and other CRAs have a business model that is designed to give detailed information on a person’s credit history, including an individual ability to keep up with the loan repayment schedule and terms. Lenders rely on information provided by CRAs such as Equifax to make sound decisions on whether to grant the individual a loan or not. CRAs' business model and information systems are designed in a way that they collect information from businesses such as banks, credit card companies, landlords, employers rather than the customers themselves (Epic.org, n.d.). With such a vast customer base and huge amounts of personalized information at their disposal, Equifax and the other CRAs have always been a primary target for data breaches, requiring them to have a robust IS security system to safeguard consumer data from the the hands of cybercriminals. However, there has been speculations of lack of commitment or inept cybersecurity measures by CRAs, exposing consumer data to cybercriminals. Bearing in mind the significance that credit records have on one’s life, a data breach of any magnitude to CRAs is a cause for concern.
Equifax Data Breaches
Data breach within Equifax has been a familiar encounter in recent decades. In 2016, Equifax was a victim of an identity theft attack according to a report by Kroger, one of the largest grocery chains that is listed as one of the customers of Equifax (Krebsonsecurity, 2016). The data breach was undertaken by cyber attackers who had access to the employees' default PIN for their W-2Express site that was weakly implemented, making use of the last four digits of the social security number as the default PIN. From Kroger alone, the identity theft perpetrators were able to obtain salary information of over 430, 000 employees, not to mention other companies and institutions that were impacted by the cyberattack at a lower magnitude (Krebsonsecurity, 2016). Although the data breach was made public by some of Equifax's clients such as Kroger, Standford University, and Northwestern University, Equifax downplayed the attack and failed to comment on the data breach.
The 2016 identity theft attack was nothing compared to the 2017 data breach that befell Equifax, and the company admittedly acknowledged the widespread access of personalized information that cumulatively added up to 143 million users. According to Equifax, the hackers accessed the personalized information following exploitation on the dispute web portal that was developed using the Apache Struts web framework from Apache Software Foundation (Epic.org, n.d.). The hacker had access to information like customer names, social security numbers, driver licenses, birth dates, and even addresses, with the attack lasting from May to July (Gressin, 2017). Credit card information was the other target by the attackers and they managed to gain access to the credit data of over 200,000 users in the U.S, UK, and Canada (Gressin, 2017).
Software security experts have weighed in on Equifax's greatest ever ordeal in the hands of cybercriminals, with legitimate claims by some that the data breach was more than a software glitch from the Apache Struts web framework. According to InfoTransec (2018), Equifax is to be blamed for the failure to install security patches for the web framework despite having been released months before the cyber-attack by the software vendor Apache Software Foundations. Leadership c...