Case Analysis One | michondaramsey

Michonda Ramsey

PHIL 355E

Case Analysis 2.4

2.22.2025

Equfiax, one of the largest credit reporters, was involved in an enormous data breach that subjected millions of user’s personal data to exposure. The destruction the breach caused relieved consumer’s social security numbers, addresses, birthdays, and many more pieces of sensitive information. The magnitude of this could be defined as one of the most horrific leaves that people have experienced where so much private information was compromised. The breach raised many concerns about credit reporting agencies, and their ethical practices. The question that needs to be highlighted is how much interest these companies have in protecting their customers and customers from possible cyber threats. If we examine the significant ethical concerns, we can see how devastating this breach is and was to millions of people. Equifiax had a duty to protect the personal information of their users and unfortunately they failed to uphold that. In this case analysis, I will argue that Kantian Deontology shows us that the Equifax breach harmed consumers by compromising their private information, and according to the law of ethics this was morally wrong.

To gather a clear picture of the responsibility Equifax owed to their consumers, we can firstly use the perspective of Miltion Friedman, who emphasizes the importance of business is to maximize shareholder value while still following the law and ethical responsibility. As any successful business, their end goal is to bring as much revenue and profit to their business, even when they operate with the objective of supporting the public. Although Friedman states that when a company diverts from their primary goal of profit making by engaging in the social and charity initiative it disrupts their goals, but he still stresses that companies are to stay within their moral bounds. Equifax actions displayed the complete opposite of the deontology concept. The company not only neglected their duty of data protection for their customers, but they failed to show respect by continuing to charge them for credit freeze after the damage of the breach unfolded. Their goodwill is called into question as their response to the breach was delayed and lacked genuine care. For the panic it brought to all users. Many people suffered emotional distress from fear of how much information the criminals had and what they intended on doing with it. If Friedman’s perspective was applied to the data breach while keeping the deontology theory obligation in mind it can be revealed that Equifax did not comply with the code of ethics. There are so many routes that could have been taken to prevent the breach in the first place, conducting regular security audits, or ensuring that all employees were equipped with MFA on all company devices. These measures could have been used to significantly reduce the likelihood of a breach occurring again. Although the destruction has already taken place, Equifax has the opportunity to learn from this unfortunate, and preventable event. For starters, to morally correct their wrong, they could have immediately notified their consumers to let them know what was happening, instead of silently trying to cover their tracks, and acting in their best interest. They could have also gone the extra mile and offered a minimum of 5 year credit monitoring to be included with their credit report. I believe Equifax wanted to retain as much profit as possible by limiting how much money they had to spend in order to correct this mistake. They also lacked transparency into the situation by not providing full disclosure of how much harm was in the attack. This alone was a huge below to consumers which put a major dent in the trust they had in the service. Some consumers even refused to provide anymore information to the company, which was understandable given the poor judgement on Equifax end. Friedman would say this ultimately hurt shareholde’s capital as it was a direct hit to the company’s reputation and profit. It goes against his values of maximizing profits, but also was morally wrong which goes against deontology theory.

Another concept that we can review to evaluate Equifax moral ethics is from Melvin Ashen who emphasizes that companies have a responsibility beyond making profit which is aimed towards conducting business that promotes positivity in society. His concepts are the complete opposit of Friedman whereas he believes that a business profit are not the main focus, but defining what the social contract is and taking more involvement in societal issues. When we assess this against the data breach at Equifax, we can see that they failed to align with the evolution of corporate expectation. This incident stresses the importance of considering the broader impact of their actions on not only shareholders, but all stakeholders. When the concept of changing societal contract is lined up with Kant’s deontology it brings focus to the failures of the duties that Equifax is bound by. Ashen goes on to apply pressure to business by discussing that belief businesses are responsible for the external cost that they create. In this situation the cost would be all the financial crisis that began after the breach was announced to the public. As mentioned many users were faced with growing concerns of identity theft, stolen funds and legal troubles stemming from crimes committed under their identity. The negligence shown by Equifax set the tone for unjustifiable morals, but all the dangerous consequences that users faced following the breach. From a deontology perspective this violated the duty of protecting the rights and dignity of individuals. This was also a failure to the unwritten social contract. What could have been done differently to reshape the social norm of a business being hands off in turmoil that they cause? Based on Ashen’s argument, there could have been a collaboration between the government and the public to address these societal challenges. These challenges are cybercriminals who are the biggest threat to business and the digital world.

The conclusion of this case analysis I believe that Equifax handled the breach very poorly and acted within moral failure. Although Melvin Ashen and Milton Friedman stand on two different ends of the business responsibility line, they both stress the importance of ethical obligation by prioritizing the privacy of all consumers. There is a way to balance both, maximizing the profits of shareholders, whole protecting stakeholder and maintaining the public trust. This case serves as a reminder of the critical importance of business taking on greater social support and aligning with both legal and ethical standards. From my findings, Equifax actions aided Friedman’s theory of maximizing their profits but resulted in the erosion of the trust of the public. I stand by my finding that Equifax harmed consumers by compromising their private information, and according to the law of ethics this was morally wrong. Going forward the expectation is for businesses to proactively work towards addressing the societal challenges and fulfilling the social contract.