This work explores the case of Equifax data breach in 2017, the largest and arguably the most consequential case of data breaches in history and one that continues to unfold even to date. We investigate the context and the events leading to the breach as well as the company’s response. Given the incident’s wide scope, we take a perspective rooted in the social corporate responsibility literature to analyze and understand the impact of the event on the lager group of stakeholders affected by the breach. We identify and discuss some of the lessons that can be learned from the incident both from a corporate security perspective and from a corporate social responsibility standpoint. To enrich our understanding of the event and its effects on stakeholders, we supplement our investigation with the analysis of tweets about the event. The events involved in the data breach at Equifax spanned across a long period of time and attracted considerable attention from the media as well as from individual citizen as it took new twists and turns. Specifically, we analyze tweet sentiments (i.e., their positive or negative tone) and the emotions embedded in them (e.g., frustration, anger, fear, etc.) during the time of key milestones in this case (e.g., at the time of the disclosure of the event to the public, at the time of the retirement/resignation of the CIO and the CEO, and at the time when lawsuits were filed against the company). The goal of analyzing social media reactions in the form of tweets is to form a better understanding of the general public’s response to large-scale data breaches. Accordingly, the study has important implications for the theory and practice of crisis management and public relations management at the time of major cybersecurity events.

Abstract Only



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.