Name: Tabin Tariq | Osama Iqbal

Reg No.: L1S18BSCS0116 | L1F19BSCS0197

Course Title: Professional Practices

Assignment: 3

Case Title: Equifax Data Breach (2017)

Brief Description: In 2017, Equifax, a major credit reporting agency, suffered a massive data
breach exposing sensitive information of 147 million consumers. Hackers exploited a
vulnerability in Equifax's website, leading to unauthorized access and theft of personal data,
including names, Social Security numbers, birth dates, and more.

Recommendations for Prevention and Ethical Mitigation:

• Regular Security Audits: Conduct routine and thorough security audits to identify and address
vulnerabilities promptly.
• Patch Management: Implement a robust patch management system to ensure timely updates and
fixes for software vulnerabilities.
• Employee Training: Provide comprehensive cybersecurity training for employees to raise
awareness about phishing scams and social engineering tactics.
• Multi-Factor Authentication (MFA): Mandate the use of multi-factor authentication to add an
extra layer of security for accessing sensitive systems and data.
• Encryption Standards: Enforce strong encryption standards for storing and transmitting
sensitive information to protect it from unauthorized access.
• Incident Response Plan: Develop and regularly update an incident response plan to ensure a
swift and coordinated response to a security breach.
• Vendor Security Assessment: Evaluate and monitor the security practices of third-party vendors
to prevent potential vulnerabilities in the supply chain.
• Data Minimization: Adopt a data minimization approach, only collecting and storing essential
information to reduce the impact of a potential breach.
• Ethical Hacking and Penetration Testing: Conduct regular ethical hacking and penetration
testing to proactively identify and address weaknesses in the security infrastructure.
• Transparency and Communication: Establish transparent communication channels with
affected parties, regulators, and the public in the event of a security incident, maintaining
accountability and trust.

Conclusion: By implementing these recommendations, organizations can fortify their
cybersecurity measures, mitigate ethical challenges, and contribute to a more secure digital
environment.