Controversy
Equifax headquarters in Atlanta, Georgia
On September 15th, 2017, the consumer credit reporting giant Equifax announced to the world a massive cybersecurity breach affecting approximately 143 million Americans. It soon came to light that although Equifax reported this breach in September, they had actually been the target of numerous breaches going as far back as May. Despite discovering these breaches internally in late July, Equifax delayed informing the millions of people whose personal information was now vulnerable for nearly 6 weeks.
Founded in 1899 in Atlanta, Georgia, Equifax began as a small credit company which grew quickly over the ensuing decades. Today they are known as one of the 3 largest consumer reporting agencies in the world, servicing hundreds of millions of individuals. As a credit reporting agency, Equifax had collected the personal information of millions of consumers in order to perform credit checks for businesses worldwide. Equifax kept information such as names, birthdays, and even social security information on file in order to make credit checks. However, due to an outside breach caused by hackers, Equifax quickly found itself under public scrutiny for its apparent lack of security and is now facing what may be the largest class-action lawsuit in US history. While Equifax has officially kept quiet as to why they waited so long to inform the public about the breaches, further investigation into the breach has brought some troubling findings to light, only deepening Equifax’s woes.
The underlying cause of the breaches could be traced to a vulnerability in the Equifax software framework that allowed the hackers to access sensitive information. As it turned out, the patch for this vulnerability was released nearly 2 months before the first breach, and had it been applied to the system the breach would not have happened. Despite the patch being readily available, Equifax’s tech employees failed to keep their internal systems up to date. Additionally, since 2015, the company had been lobbying lawmakers to lessen the amount they would have to pay in lawsuits by consumers, only making the company seem more reckless and inconsiderate about their own actions. In response to complaints, Equifax offered customers a free credit monitoring service for a year and the ability to freeze their credit for free. However, the monitoring service is also owned by Equifax, putting the company in a position to eventually profit from those signing up for the service.
Using some of the most prevalent ethical theories including Individualism, Utilitarianism, Kantianism, and Virtue Theory, this post will look into whether or not Equifax was ethical in their actions following the breach.
Stakeholders
Size of the breach compared to recent incidents
Individualism
Equifax stocks suffered due to the incident
Utilitarianism
Utilitarianism is the theory that happiness or pleasure is the only thing of intrinsic value. If a company is not actively trying to spread the most good to the greatest number of people by carefully thinking about its actions, then it is not following the utilitarian ethics model. In this case Equifax was responsible for ensuring the maximum amount of happiness for its stakeholders, which include consumers, stockholders, businesses, and employees. As a credit reporting agency, Equifax held the confidential data of millions of people, data which included people's names, social security numbers, birthdays, and even addresses. Due to the sensitivity of the information Equifax kept, the stakes of a breach were huge, as the information could harm consumers if it fell into the wrong hands. For a Utilitarian, it's crucial to think carefully before any action in order to ensure maximum happiness. By failing to safeguard all of this information and not informing consumers straight away, Equifax actually made its stakeholders extremely upset. A Utilitarian would have seen it as absolutely necessary to ensure the safety of such valuable data and to think carefully about ways to keep it safe. By failing to give consumers peace of mind and keep them safe from identity theft, Equifax was unethical from a Utilitarian standpoint.
Kantianism
It took nearly 6 weeks for Equifax to inform consumers
Virtue Theory
Virtue theory covers four virtues: honesty, courage, temperance, and justice. When it came to honesty in coming forward with the breach, Equifax failed miserably. When it was first discovered that there had been a breach, they waited nearly 6 weeks before alerting consumers, by which time damage could already have been done. Equifax also fails when it comes to courage, as they were likely looking at their own best interests before coming clean about the breach. It sounds simple that if people's information was at risk they should have alerted consumers; however, they chose to wait, as they were likely afraid of the consequences. As for temperance, Equifax didn't seem to have reasonable expectations for the situation either. Coming out sooner would have benefited those affected by the leak, and by waiting so long they would inevitably be hurting themselves and their own credibility. Unsurprisingly, delaying the announcement only made the situation worse and made for a bigger mess for everyone. In terms of justice, Equifax is now looking like the faceless, uncaring company that isn't concerned for people's well-being. They couldn't store private information safely, and as a result the stakeholders are being hurt the most by the situation. By also recommending their own services for credit monitoring, it would appear that they're also trying to help themselves in the fallout, which certainly isn't justice by any means. Therefore, by virtue theory, Equifax also wasn't ethical, as they failed to even consider whether their actions were following these simple virtues. Had they kept these virtues in mind in their decision making, it would have made the whole situation much better for everyone.