Case 9: Data Breach at Equifax

MBADM 830 SP20



  • 1. How does Equifax’s business model work? Who is the customer, and what is the product?

  • 2. Where would you assign accountability for the breach – the technology (security) team, senior management, CEO, the Board of Directors?

  • 3. How would you characterize Equifax’s response in the wake of the breach?

  • 4. In your view, how should Equifax have prepared for the breach and the subsequent response?

5. What do you make of the arbitration clause initially included in the TrustedID product? Are such clauses generally unfair, or is the TrustedID clause particularly unfair? Why or why not?