Over the last decades, there have been many examples of large companies that have found themselves a victim of cybercrime. In recent years, the most notable case has been the Equifax breach.
In September 2017, Equifax fell victim to a mass-scale data breach that compromised the personal information of 147 million Americans – a large portion of the adult population. The company is still keeping many of the details of the breach under wraps, but the source of the issue appears to be related to a flaw in a tool used for internet application development called Apache Struts. While issues are always a possibility, Equifax admitted knowledge of the flaws in their platform a full two months prior to the breach – a significant violation of customer trust. Apache Struts is used by many other companies and government agencies, creating the likelihood for a problem of this caliber on a widespread level.
Equifax’s reputation was damaged beyond repair, and the financial costs of the issue aren’t small, either. In a settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau, Equifax is responsible for expenditures of up to $425 million to cover the ramifications for those affected. The company is still attempting to navigate the situation, providing cash payments and credit monitoring services in an attempt to right their wrongs.
The Equifax breach is among the largest issues in history, but they aren’t the first major player to find themselves under fire: the same happened to Anthem insurance company in 2015, eBay in 2014, and Yahoo! and Target in 2013. With these events in mind, it should be clear that no company is immune, no matter the size or scale.