Final Project: Analyzing a Data Breach – Submission :Cybersecurity Case Studies and Capstone Project (IBM Cybersecurity Analyst Professional Certificate) Answers 2025
3. Question 3 — Two credible citations
✅ Citation 1 (government oversight report): U.S. House Permanent Subcommittee on Investigations, “How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach,” December 2018 (Equifax report). House Oversight Committee
✅ Citation 2 (regulatory/settlement): Federal Trade Commission — Equifax Data Breach Settlement summary and materials. Federal Trade Commission+1
Explanation: I selected an authoritative investigative report (Congressional oversight) and the FTC/CFPB settlement page for regulatory outcomes — both are highly credible and directly relevant.
4. Question 4 — Identify two root causes (provide response)
✅ Root cause A — Poor patch management and asset tracking.
Explanation: Equifax failed to promptly apply a critical Apache Struts patch released in March 2017; an incomplete asset inventory and weaknesses in change/patch enforcement meant the vulnerable web application remained exposed. Equifax Inc.+1
✅ Root cause B — Weak environment controls and detection (network segmentation & monitoring).
Explanation: The attacker moved within Equifax systems and accessed many databases over weeks; inadequate segmentation, insufficient logging/monitoring, and expired/ineffective detection capabilities delayed discovery for ~76 days. Wikipedia+1
5. Question 5 — Document two actions taken (provide response)
✅ Action 1 — Emergency patching, system remediation, and forensic investigation (Mandiant engagement).
Explanation: Once the breach was discovered Equifax applied fixes, disabled the vulnerable application, and engaged external forensics to investigate intrusion scope. House Oversight Committee+1
✅ Action 2 — Consumer relief program and regulatory settlements (credit monitoring, funds).
Explanation: Equifax offered free credit monitoring and agreed to multi-agency settlements providing consumer funds and obligations to improve security practices. Federal Trade Commission+1
6. Question 6 — Evaluate effectiveness and timeliness of the two actions (provide response)
✅ Action 1 evaluation (remediation & forensics): Partly effective but late.
Explanation: Forensics and remediation ultimately stopped the active exploit, identified data exfiltration, and informed defensive improvements; however, discovery took ~76 days from initial compromise and remediation was reactive rather than preventive. The delay reduced effectiveness because large volumes of PII were exfiltrated before detection. House Oversight Committee+1
✅ Action 2 evaluation (consumer relief & settlements): Effective for consumer compensation/legal closure but insufficient as a technical fix.
Explanation: The settlement and credit-monitoring offerings provided consumer remedies and multi-agency oversight, and imposed remediation obligations on Equifax; they do not, however, by themselves guarantee operational security improvements — governance and sustained technical change are required. Federal Trade Commission+1
7. Question 7 — Identify successes, gaps, and failures (one each)
✅ Success: Rapid engagement of third-party forensic experts and public remediation once breach detected.
Explanation: Hiring Mandiant and coordinating with law enforcement allowed forensic containment and evidence collection. House Oversight Committee
❌ Gap: Incomplete asset inventory and inadequate patch-enforcement processes.
Explanation: Lack of up-to-date inventory/patch discipline allowed the vulnerable Struts instance to remain exposed. House Oversight Committee
❌ Failure: Delay in detecting the intrusion and shortcomings in breach disclosure/initial communications.
Explanation: The breach persisted for months before discovery; disclosure timing and early communications drew heavy criticism and government inquiry. Wikipedia+1
8. Question 8 — Determine two impacts on the organization (provide response)
✅ Impact 1 — Financial and legal penalties plus remediation costs.
Explanation: Equifax faced multi-agency settlements (hundreds of millions of dollars), legal costs, and long-term remediation spending. Federal Trade Commission+1
✅ Impact 2 — Reputational damage and loss of stakeholder trust.
Explanation: Customer trust and corporate reputation suffered; leadership changes followed and the firm faced increased regulatory scrutiny and market impacts. Wikipedia+1
9. Question 9 — Provide two lessons learned (provide response)
✅ Lesson 1 — Prioritize timely patching and maintain accurate asset inventories.
Explanation: Critical patches to popular open-source components must be tracked and applied quickly; inventories enable prioritization. Equifax Inc.+1
✅ Lesson 2 — Invest in detection, segmentation, and incident-response readiness.
Explanation: Strong monitoring, network segmentation, and tested IR plans shorten dwell time and limit data exfiltration. House Oversight Committee+1
10. Question 10 — Provide two recommendations for future actions (provide response)
✅ Recommendation 1 — Implement a risk-based patch management program with automated alerts and enforcement.
Explanation: Use centralized asset discovery, prioritize high-risk components (public-facing apps, authentication systems), and automate patch deployment and verification.
✅ Recommendation 2 — Strengthen detection and least-privilege segmentation; run regular tabletop drills.
Explanation: Deploy improved logging/analytics, two-factor auth for high-privilege accounts, micro-segmentation to limit lateral movement, and conduct frequent IR exercises to test processes and speed detection.
11. Question 11 — Conclusion (provide response)
✅ Conclusion:
Explanation: The Equifax breach is a landmark example of how failures in basic cybersecurity hygiene (patching, inventory, segmentation, detection) can lead to severe organizational, regulatory, and societal consequences. While remediation and settlements addressed immediate harms, sustainable improvement requires culture change, strengthened technical controls, and ongoing oversight. Organizations handling sensitive PII must treat vulnerability management, asset visibility, and incident detection as continuous, high-priority business risks rather than occasional IT tasks. House Oversight Committee+1
🧾 Summary Table
| Q# | Answer (short) | Key concept(s) |
|---|---|---|
| 1 | 2017 Equifax data breach ✅ | Large PII breach |
| 2 | Intro (≤150 words) ✅ | Attack vector, scope, impact |
| 3 | Citations: House report; FTC/CFPB settlement ✅ | Credible sources |
| 4 | Root causes: poor patching; weak detection/segmentation ✅ | Patching, inventory, monitoring |
| 5 | Actions: remediation/forensics; consumer relief/settlement ✅ | Technical fix + legal remedy |
| 6 | Action eval: remedial effective but late; settlement helped consumers ✅ | Timeliness; scope |
| 7 | Success/gap/failure: forensic hire; asset inventory gap; slow detection ✅ | Response, governance, detection |
| 8 | Impacts: financial/legal; reputational ✅ | Cost, trust |
| 9 | Lessons: patching & inventory; detection/segmentation ✅ | Operational lessons |
| 10 | Recs: automated/risk-based patching; strengthen detection & drills ✅ | Future prevention |
| 11 | Conclusion: hygiene + governance + culture needed ✅ | Continuous security |