Equifax Data Breach

The breach on Equifax in 2017, which resulted in the theft and sale of personal information belonging to at least 2000 individuals for financial gain, deeply impacted those affected, emphasizing feelings of powerlessness and vulnerability. Lieber’s case reveals how Equifax and its counterparts, Experian and TransUnion, collect and monetize personal information, influencing individuals’ financial opportunities through opaque algorithms (Lieber,2017). The breach compromised sensitive data and exposed systemic issues within the credit reporting industry, where consumers feel entrapped without meaningful alternatives or control over their own information. Equifax is often criticized for being unethical due to its low credibility and for leaving individuals vulnerable to compromised accounts and social security numbers. The aftermath showcased Equifax’s negligence in handling the situation, with reports of continued charging for credit file freezes and inadequate customer support. The breach amplified fears of financial loss, identity theft, and the lack of accountability within the industry. In this Case Analysis, I will argue that consequentialism shows us that the Equifax breach harmed their customers by selling their information, which was morally bad.

Explain One or More Central Concepts from Friedman
In Friedman’s text, he discusses the concept of “The social responsibilities of business.”
This concept is known for lacking rigor and flexibility (Friedman, 1970). It suggests that a
corporation is like a person and argues that it has responsibilities, but it also implies that a
business does not have responsibilities. This concept revolves around the belief that businesses
should mainly focus on making profits while staying within legal and ethical boundaries.
According to Friedman, striving for profit is crucial for an effective free-market economy. He
argues that businesses should focus solely on generating returns for their shareholders, as they
have invested their capital in the company with the expectation of financial gain. In this view,
any diversion of resources towards social causes beyond legal requirements is considered a
misuse of shareholders’ funds and an imposition of undue costs on the company, potentially
leading to inefficiency and harm to economic prosperity.

Use That Concept to Analyze the Case
The Equifax data breach has shown that companies have to shoulder social responsibility
for the industries in which customer confidence is of key importance. Equifax’s failure to provide
a high level of security for sensitive personal information caused financial damage and ruined the
reputation of the whole credit reporting industry. This data breach shows that the people who use
these companies are exposed to the risk of companies using information without secure systems
or a way to be held accountable. Additionally, the company’s negligence during the aftermath of
the data breach further worsened the situation since it charged a fee for credit freezes, confusion
around the whole process, and no personal accountability. Furthermore, the Equifax case shows
the disproportion of power between the companies and people where consumers do not have
much control over their personal information and depend on self-centered institutions. It
emphasizes the importance of regulatory reforms safeguarding consumer rights and giving rise to
corporate responsibility. The increasing reliance of people on credit reporting agencies for
crucial lending decisions necessitates the implementation of clearer mechanisms of
accountability and redress in case of data breaches.
Use Consequentialism to Assess the Actions Taken in the Case

The Equifax breach, as Ron Lieber’s analysis showed, was destructive to customers by
stealing their personal information and undermining their feeling of safety. From the viewpoint
of consequentialism, Equifax’s actions are morally unacceptable because of their widespread
negative impacts. As a consequence of the breach, the customers’ data was unauthorizedly
accessed and sold, which left individuals open to identity theft, financial losses, and reputational
injuries. This breach violated customers’ privacy and eroded trust in Equifax and the broader
credit reporting industry. The consequentialist perspective underscores the importance of
assessing actions based on their outcomes, and in this case, the consequences were
overwhelmingly detrimental to customers. Equifax’s failure to adequately safeguard customer
data demonstrates a lack of ethical consideration for the potential harm caused by their
negligence. Therefore, consequentialism suggests that the right course of action would have been
for Equifax to prioritize robust security measures and prompt disclosure of the breach to mitigate
harm to customers, thereby aligning their actions with moral responsibility and accountability.

Explain One Central Concept from Anshen
In Anshen’s text, a concept known as “The social contract” is discussed. Its origins trace
back to Epictetus, an ancient Greek philosopher, and evolved along with Thomas Hobbes’
intellectual system during the 17th century (Anshen, 1979). Hobbes utilized his intellectual
framework to emphasize obedience within the social agreement, while John Locke later
interpreted it as the consent of the populace. Jean Jacques Rousseau further developed this
concept, suggesting that individuals implicitly agree to certain terms of behavior with others.
Rousseau suggests that even when the minority disagrees with the majority’s decisions, they
would start by protesting and then wait for the right time before rebellion. According to
Rousseau, such rebellion implies a violation of the contract rather than an uprising against the
whole nation. John Kenneth Galbraith’s work, “The New Industrial State,” aimed to change the
traditional notion of balance, considering the place of private enterprises in modern society and
the relationships between corporations, government, and individuals. The contract requires
businesses to adhere to the ethical code of conduct. Contemporary managers have realized the
need to adjust to economic and technological shifts. Still, they often underestimate the magnitude
of social changes in their traditional aims and tactics, not to mention organizational values.

Use the Social Contract Concept to Analyze the Case
The Equifax data breach pinpoints a crucial failure in the social contract between
individuals and the companies handling their private information. In contemporary society,
people give their data to companies like Equifax, and they are well aware that their data will be
managed correctly and safely. However, the failure of Equifax to safeguard the data and its
insensitive response to the breach illustrates a trust breach on their part. The powerlessness of
affected individuals mirrors the inherent asymmetric power relations between consumers and
data-collecting companies. Equifax and its counterparts Experian and TransUnion form an
oligopolistic market in which consumers have limited choices and very little say in these
companies’ circulation and use of their data. In addition, consumers can no longer prevent the
credit reporting of their information for vital services such as housing and employment, thereby
leaving them with no choice except to accept the terms of credit rating companies. A lack of
choice between opting out and fixing inaccuracies in credit reports shows the systemic flaw in
realizing the principles of transparency and accountability. Equifax stirred distrust and insecurity
by charging for credit freezes and offering poor customer support. In that case, the data breach
entails financial risk and undermines autonomy and the individual’s personal information control.
The regulatory landscape should be transformed in the future by placing individuals in control of
their data and holding companies accountable for their actions.

Use Consequentialism to Assess the Actions Taken in the Case
From a consequentialist perspective, Equifax’s actions after the data breach are highly
alarming and morally disturbing. Insufficient security measures taken by Equifax facilitated
grave harm done to people who subsequently were scared, hopeless, and powerless concerning
their security. The negative stance of the company, which was demonstrated by the imposition of
costs for credit freezes and the ineffective customer support, created the emotional stress and
anger of the victims. Additionally, the lack of transparency and accountability that Equifax
shows disturbs trust in the whole credit reporting system and undermines the level of protection
of personal data. It is, therefore, evident that Equifax’s actions had a negative impact not only on
the individual but also on the social fabric as a whole by creating a system in which companies
put the profit of their customers over their well-being. As a result, the right course of action from
a consequentialist perspective would have been for Equifax to focus on the security of customers’
data, resolve the breach as promptly as possible with transparency and accountability, and
provide extensive support to the affected people without causing them more costs. Besides,
regulatory reforms that empower consumers and make corporations responsible for data breaches
should be implemented to ensure that such acts do not occur in the future and that the welfare of
society is upheld.

In conclusion, the Equifax data breach indicates a loss of trust between individuals and
companies and shows a flaw in the current data storing and credit reporting system. The way
Lieber displays the aftermath reveals the feeling of helplessness and vulnerability among
individuals who find themselves in a scheme in which they are exploited instead of being
rewarded for their personal information. The oligopolistic feature of the credit reporting industry
and the absence of real competition create a power imbalance. Although reforms of the system
and regulations are required, it is clear that systemic changes are of utmost importance to bring
back confidence and accountability. The industry’s reaction to the breach, in which profit motive
and inadequate customer support are the main factors, simply aggravates the erosion of trust.
While the solution lies in regulatory intervention and a reconsideration of the way personal data
is gathered, stored, and used, it goes beyond that. Going forward, the government and companies
must consider safeguarding users’ data rights and enabling individuals to have more control over
their personal information. The only way to prevent such cases is to promote joint efforts. This
will guarantee a transparent and accountable system that fully represents the interests of its
citizens.