Essay on Discussing an Event of Data Theft

Equifax is a largest credit agency based in the United States of America. In 2017 numerous confidential data of Equifax was reported to be hacked by the attackers. The data that had been hacked by the attackers consisted of the names of the consumers along with their addresses, dates of birth and most essentially, the social security numbers of the consumers. Along with these, the credit card details and the driver’s license numbers were also among the personal data of the individuals that were being hacked.

Reasons behind the data theft

When an investigation was done on the reasons behind the attack, they found that the main reason behind the attack was to steal the consumers’ identity from the data stored in the firm’s database. Moreover, the massive data breach that took place in Equifax also has a different side. The investigation showed that the attackers had spent almost two months elevating their access to the network of Equifax until they started accessing the files (Wang & Johnson, 2018). The authorities of Equifax was unaware of the situation, and the attackers extensively remained in the network until their activities were noticed.

Solutions to be obtained

Identity theft has become a critical aspect of cybercrimes. Cybercriminals tend to steal the identity of numerous individuals in order to carry on several malicious activities by using the identity of others. Identity theft is likely to derail the financial future of any specific individual. Any specific cybercriminal who have already gained access to certain identifiable information of a person, the attackers would be able to take loans, open bank accounts, as well as to conduct numerous other financial activities by using the identity of other individuals (Maitlo et al., 2019). This might result in the individuals whose identity has been stolen being denied of providing loans or credit cards etc. It is essential for any firm to not keep any unnecessary information of their customers, such as credit card details, if not required for any of their business purposes. For instance, if the business does not require the account number or the exp[iration date for any business purposes, it is crucial for the company not to retain that information. It has to be kept in mind that retaining this valuable information unnecessarily raises the risk of data theft and commits numerous crimes.

Most essentially, even if the firm retains the consumers’ personal details, it is their responsibility to provide a higher level of security to the data. At the same time, if any firm created a mobile application for their consumers, they must look into the fact the application only accesses those data and functionalities that are considered necessary for accessibility. Experts suggest that a crucial aspect of the company in providing security to the data of the consumers is to scaling down the access to the data (Saeed et al., 2019). this specifically means that the authorities of the firm must provide the employees only with the access that are necessary for them to perform their task. Hence, the company must implement numerous ways in their business activities that would help them protect their consumers’ data.

References

Maitlo, A., Ameen, N., Peikari, H. R., & Shah, M. (2019). Preventing identity theft: Identifying major barriers to knowledge-sharing in online retail organizations. Information Technology & People. https://pure.royalholloway.ac.uk/portal/files/34726010/Ameen_et_al_Preventing_identity_theft_Information_Technology_People.pdf

Saeed, D., Iqbal, R., Sherazi, H. H. R., & Khan, U. G. (2019). Evaluating Near‐Field Communication tag security for identity theft prevention. Internet Technology Letters, 2(5), e123. https://onlinelibrary.wiley.com/doi/pdf/10.1002/itl2.123

Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3). https://iacis.org/iis/2018/3_iis_2018_150-159.pdf