MARY THE QUEEN COLLEGE OF PAMPANGA INC.

Case Study:
Equifax Scandal
BSA III- PATIENCE

Tan, Roselin C.
Dela Cruz, Ryle
Guanlao, Arielle
Tolentino, Noemi Anne
Yulo, Sandrei Theus

Equifax is one of three major credit reporting agencies (CRAs) in the United States, often
known as credit bureaus. Individual credit reports are created by credit reporting agencies
(CRAs) and provide a thorough picture of a person's credit history, including whether they have
made timely loan and credit card payments. CRAs collect information from businesses, such as
credit card companies, banks, employers, landlords, and others, rather than from consumers.
When a person asks for credit, the lender will check their credit record with Equifax or one of the
other CRAs to discover if they have a history of debt repayment.
Equifax is one of the largest consumer credit reporting agencies in the United States, it
was founded in 1899 and headquartered in Atlanta Georgia. Equifax holds the personal
information and data of millions of consumers. In September 2017, its systems had been
breached and the sensitive personal data of 148 million Americans had been compromised. The
data breached included names, home addresses, phone numbers, dates of birth, social security
numbers, and driver’s license numbers.
Equifax struggled with outdated cybersecurity policies and instruments. Later that year an
internal audit of the policy revealed numerous security deficiencies, including over 8500
unresolved software vulnerabilities. hackers accessed multiple Equifax databases and extracted
consumers’ personal information. Stolen data included consumers’ names, addresses, dates of
birth, social security number, and credit card numbers. In the year 2016 of May, the website of
Equifax’s W-2 Express was also hacked. resulting in the leak of 430,000 names, addresses,
social security numbers, and other types of personal information. Most of Equifax’s security
deficiencies had not been remediated, allowing hackers to breach Equifax’s network and harvest
the PII of 147 million consumers’ personal information. Hackers breached Equifax’s networks
by exploiting Apache Struts via Equifax’s online dispute portal. On May 13th, attackers spread
from the infected portal and gained access to other parts of Equifax’s network.
Equifax together with the other two major companies, TransUnion and Experian. These
corporations contains a massive amount of data regarding sensitive financial information about
millions of people in the United States. Equifax as one of these major corporations failed to
protect this data and failed to ensure that is not fall into wrong hands.
The company was initially hacked via a consumer complaint web portal, with the
attackers using a widely known vulnerability that should have been patched but, due to failures
in Equifax internal process, wasn’t. The hackers was able to move from web portal to the other
servers because the systems weren’t adequately segmented from one another, and they were able
to find username and passwords stored in plain text that then allowed them to access still further
systems.
Because of this incident Equifax is the worst data breach in the world but because of the
completeness of data that the hackers were able to procure. With this information, hackers
possibly steals someone’s identity easily. They can take out credit card and loans in their name
without the person knowing. Equifax knew about the data breach since July and the data breach
has been going since May. However they waited until September before they realised
information about the incident. During this period several people may have been faced theft.
Equifax didn’t give them chance to prepare.
 The company was initially hacked via a consumer complaint web portal, with the
attackers using a widely known vulnerability that should have been patched but, due to failures
in Equifax internal process, wasn’t. The hackers was able to move from web portal to the other
servers because the systems weren’t adequately segmented from one another, and they were able
to find username and passwords stored in plain text that then allowed them to access still further
systems.
The people who are affected by this incident, Equifax states that hackers have stolen data
about 143 million people from their servers. It is about the 50% of the population of United
States, stolen information is permanent including date of birth, social security number addresses
etc. The credit card numbers of approximately 209,000 consumers were also breached. This
group probably consisted people who had paid Equifax directly in order to see their own credit
report.
As soon as Equifax breach was announced, experts keeping tabs on dark web sites,
waiting that the huge dumps of data that might be connected to it but the data never appeared.
There is a theory that the Equifax was breached by Chinese state-sponsored hackers whose
purpose was espionage, not theft. Investigators tie the attack into two big breaches that similarly
didn’t result in a dump of personally identifying data on the dark web, the 2015 and 2015
breaches, all are assumed to be part of an operations to build a huge data lake on millions of
Americans, with the intention of using data techniques to learn about U.S government officials
and intelligence operatives.
Two years after the breach, the company said it had spent $1.4 billion on cleanup
costs, including incremental costs to transform our technology infrastructure and improve
application, network, and data security. Under the settlement, the company will pay a $ 175
million to the CFPB, $ 125 the most you can expect to get in compensation if your data was
from Equifax’s systems, $ 1.4 billion amount Equifax has spent on upgrading its security in
the wake of the incident. Which wrapped up an ongoing class action lawsuit and will require
Equifax to spend at least $1.38 billion to resolve consumer claims. The settlement includes
up to $425 million to help people affected by the data breach.
Equifax highest ever quarterly revenue of $1.2 billion, up 26%; sixth consecutive quarter of
double-digit revenue growth and EPS growth. Broad-based revenue growth with Workforce
Solutions up 40%, USIS up 11%, and International up 39% in reported currency and 25% in
local currency.

The company reported revenue of $1,234.8 million in the second quarter of 2021, up 26 percent
compared to the second quarter of 2020 on a reported basis and 23 percent on a local currency
basis. Net income attributable to Equifax of $215.1 million was up 115 percent in the second
quarter of 2021 compared to net income attributable to Equifax of $100.2 million in the second
quarter of 2020. Total revenue was $495.7 million in the second quarter of 2021, a 40 percent
increase compared to the second quarter of 2020. Operating margin for Workforce Solutions was
53.5 percent in the second quarter of 2021 compared to 49.4 percent in the second quarter of
2020. Adjusted EBITDA margin for Workforce Solutions was 58.0 percent in the second quarter
of 2021 compared to 56.3 percent in the second quarter of 2020.