Crisis Management and Recovery Strategies After a Data Leak: Equifax Case Study

Ledi Diniyatullah; Kurniati Bunga Rindu

Ledi Diniyatullah Faculty of Industrial Engineering, Master of Information Systems, Telkom University, Bandung, Indonesia
Kurniati Bunga Rindu Faculty of Industrial Engineering, Master of Information Systems, Telkom University, Bandung, Indonesia

Keywords: Crisis Management, Data Privacy, Equifax; Information Security, Post-Data Breach Recovery.

Abstract

The Equifax data breach that occurred in 2017 was one of the largest data security incidents in history, impacting approximately 147 million individuals. This incident highlights the importance of effective crisis management and recovery strategies in the face of cybersecurity threats. This article explains the crisis management and recovery strategies implemented by Equifax following the data breach. This research uses a case study approach to analyze the actions taken by companies in responding to incidents, including crisis communication, security system improvements, and compensation to consumers. In addition, this article also discusses the challenges and failures faced by Equifax, and provides recommendations for future improvements. It is hoped that the findings of this research will provide insight for other companies in developing more effective policies and strategies to deal with data security crises in the future.

References

Aslan, Ö., Aktuğ, S. S., Ozkan-Okay, M., Yilmaz, A. A., & Akin, E. (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. In Electronics (Switzerland) (Vol. 12, Issue 6). MDPI. https://doi.org/10.3390/electronics12061333

Aswandi, R., Rofifah, P., Muchsin, N., & Sultan, M. (2020). PERLINDUNGAN DATA DAN INFORMASI PRIBADI MELALUI INDONESIAN DATA PROTECTION SYSTEM (IDPS). https://www.hukumonline.com/berita/baca/lt5d1c3962e01a4/perlindungan-data-pribadi-tersebar-

Benzaghta, M. A., Elwalda, A., Mousa, M., Erkan, I., & Rahman, M. (2021). SWOT analysis applications: An integrative literature review. Journal of Global Business Insights, 6(1), 55–73. https://doi.org/10.5038/2640-6489.6.1.1148

Berghel, H. (2020). The Equifax Hack Revisited and Repurposed. In Computer (Vol. 53, Issue 5, pp. 85–90). IEEE Computer Society. https://doi.org/10.1109/MC.2020.2979525

Bernard Oloo Akello. (2024). Organizational information security threats: Status and challenges. World Journal of Advanced Engineering Technology and Sciences, 11(1), 148–162. https://doi.org/10.30574/wjaets.2024.11.1.0152

Bima Pamungkas, R. (2021). LEMAHNYA PERATURAN HUKUM PERLINDUNGAN DATA PRIBADI: STUDI KASUS EQUIFAX DI AMERIKA SERIKAT PADA 2017.

Fowler, B., & Maranga, K. (2022). CYBERSECURITY PUBLIC POLICY SWOT ANALYSIS CONDUCTED ON 43 COUNTRIES (1st ed.). CRC Press.

Hajizadeh, Y. (2019). Machine learning in oil and gas; a SWOT analysis approach. Journal of Petroleum Science and Engineering, 176, 661–663. https://doi.org/https://doi.org/10.1016/j.petrol.2019.01.113

Hapsari, R. D., & Pambayun, K. G. (2023). ANCAMAN CYBERCRIME DI INDONESIA: Sebuah Tinjauan Pustaka Sistematis. Jurnal Konstituen, 5(1), 1–17. https://doi.org/10.33701/jk.v5i1.3208

Kolevski, D., Michael, K., Abbas, R., & Freeman, M. (2021). Cloud computing data breaches: A review of U.S. regulation and data breach notification literature. 2021 IEEE International Symposium on Technology and Society (ISTAS), 1–7. https://doi.org/10.1109/ISTAS52410.2021.9629173

Li, J., Xiao, W., & Zhang, C. (2023). Data security crisis in universities: identification of key factors affecting data breach incidents. Humanities and Social Sciences Communications, 10(1). https://doi.org/10.1057/s41599-023-01757-0

Novak, A. N., & Vilceanu, M. O. (2019). “The internet is not pleased”: twitter and the 2017 Equifax data breach. Communication Review, 22(3), 196–221. https://doi.org/10.1080/10714421.2019.1651595

Osborne, S., & Hammoud, M. S. (2017). Effective Employee Engagement in the Workplace. International Journal of Applied Management and Technology, 16(1). https://doi.org/10.5590/ijamt.2017.16.1.04

Petru-Cristian, N. (2023). A Comprehensive Analysis of High-Impact Cybersecurity Incidents: Case Studies and Implications. https://doi.org/10.13140/RG.2.2.17461.65763

Rosati, P., Gogolin, F., & Lynn, T. (2019). Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters. International Journal of Accounting. https://doi.org/10.1142/S1094406019500136

Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. In Future Internet (Vol. 11, Issue 4). MDPI AG. https://doi.org/10.3390/FI11040089

Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023). A review of multi-factor authentication in the Internet of Healthcare Things. In Digital Health (Vol. 9). SAGE Publications Inc. https://doi.org/10.1177/20552076231177144

Syafira, A. (2020). UPAYA SEKURITISASI PEMERINTAH INGGRIS DALAM KEBIJAKAN KEJAHATAN CYBER WANNACRY TAHUN 2017.

Venkatesh Sundar. (2018, February 2). Lessons from Poor Vulnerability Protection by Silicon Valley Companies. Indusface. https://www.indusface.com/blog/poor-vulnerability-protection-silicon-valley-companies/

Wijaya, M. (2019). PERAN BUDAYA ORGANISASI DALAM MENGOPTIMALKAN EFEKTIFITAS DAN EFISIENSI STRATEGI ORGANISASI. Media Informatika, 18(2), 67–74.