We know that the Chairman and Chief Executive Officer, the Chief Information Officer and the Chief Security Officer knew about the breach. All three have since left the company in the wake of the fallout. Given the size of the breach, were these people notified? Whether the answer is yes or no, why didn’t the CFO know? Why not?

Equifax’s ethics code requires that Human Resources, the Corporate Ethics Officer, or the Audit Committee of the Board of Directors be notified of any suspected fraud or theft of company assets. Equifax stated that these three executives did not know about the breach. The CFO and two other executives sold a combined $1.8 million in Equifax stock in the days following the company’s discovery of the breach. Was it fair to these customers that Equifax did not tell them of the breach? What losses will result from this lag in reporting the breach? Equifax executives who knew about the data breach had an ethical duty to inform all “covered insiders” not to sell any stock until the pending material information about the breach was made public. These companies were unable to consider whether they required other forms of identification and information to verify that they were not processing credit applications for fraudsters. The creditors and financial institutions that rely on Equifax were considering credit applications and approving loans for this period. They were totally unaware that the applications they were processing could be fraudulent and contain personal information stolen from Equifax. This delay deprived its customers of the opportunity to take early actions to mitigate the potential damage from the exposure of their personal data. Credit freezing and monitoring could have started months ago. Equifax had an ethical duty to inform its customers of the breach as soon as the breach was discovered.

Equifax has not said why they waited until September 7th before announcing the cyber incident.
Could it be that the hacking was too embarrassing for a proud company to announce, or was there another reason?

Why didn’t Equifax take down the web portal as soon as it knew the software was vulnerable, and not bring the portal back up until the security flaw was patched?

Companies lacking in internal controls tend to be more exposed to ethical failings than companies with strong internal controls. We normally think of accounting processes when we discuss a company’s internal controls, but its internal controls over its computer systems are equally important, especially for a company whose product is digitally maintained. Equifax had an ethical duty to its customers to maintain personal data with utmost security.

Equifax used an open-source software tool known as Apache Struts that supported Equifax’s online dispute portal web application. The company believes that the hackers gained access to its data through a vulnerability in Apache Struts. This vulnerability was known to Equifax since March 2017. The hackers gained access to Equifax’s data from May 13 through July 30th, when Equifax took down this web portal. So, how well did Equifax’s executives live up to its own code of ethics? Several things strike me about the ethics of Equifax’s handling of this crisis. Smith has an introductory message to the code discussing his commitment to the code and compliance. Ironically, Equifax updated and reissued its corporate code of ethics in July, about the same time it discovered the breach. Equifax’s code touts the importance of honesty and fair dealing in maintaining appropriate business relations, protecting the privacy and confidential information of others, advising employees to watch out for company property that is not secured, and prohibition of insider trading. consumers is a crisis of epic proportions.

Equifax, like its two rivals, is the gateway to consumers’ access to financial credit.
Equifax’s customers also include the users of this data to make credit decisions. If you had to boil down the two most core ethical principles that were required of Equifax given these unique roles, it should be integrity and security. How a company and its leadership adhere to its core principles and responsibilities during a crisis speaks volumes about its ethics. The Equifax data breach that exposed the personal data of about 143 million U.S.