Beginning onMay 13, 2017 hackers successfully breachedEquifax'scustomer dispute portal. The hackers used an Apache Struts vulnerability, a months-old issue thatEquifaxknew about but failed to patch,...

Beginning onMay 13, 2017 hackers successfully breachedEquifax'scustomer dispute portal. The hackers used an Apache Struts vulnerability, a months-old issue thatEquifaxknew about but failed to patch, and gained access to login credentials for three servers. Those login credentials in turn allowed the hackers to access another 48 servers containing personal information.The hackers spent 76 days within theEquifaxnetwork before they were detected.Equifaxdidn't discover the attack until July 29, and cut off the hackers’ access on July 30.The breach exposed the personally identifiable information of over 147 million Americans. This information included social security numbers, names, addresses,birthdates, credit card numbers and driver’s license numbers. Personally identifiable information of British and Canadian citizens was also compromised.

In your initial post, please answerbothof the following questions:

1. Choose a federal law (Equifaxis a credit reporting agency and subject to special laws) or aUS state data breach law or the EU GDPR (check our reading materials andPowerPointslides, the links below, andncsl.orgfor descriptions of applicable law) and explain how it applies or has already been applied toEquifaxfor its data security breach.You use the FTC settlement page as a source for your discussion or include a discussion of any private litigation. Alternatively, since 4 members of the Chinese People’s Liberation Army have recently been indicted, you may choose to discuss whether this indictment represents an example of state-sponsoredcyberwarfare. Remember to distinguish in your own mind the difference betweenEquifax’sliability for the security/data breach and the hackers’ liability for carrying out the breach.


2. Using your best judgment,what would you recommend to create and maintain an infrastructure forEquifaxthat would most robustly and effectively protect against future breaches and the liabilities resulting from those breaches?Include any specifics you may be familiar with such as hardware and software recommendations, compliance with specific US andinternational laws, industry best practices, and any appropriate third-party vendor solutions.