This critical incident describes the data breaches that occurred at Equifax in 2017. The data breaches involved the personal information of over 145 million Americans. This is the first time in which name, address, birthdate, and social security number were all stolen at the same time (Primoff & Kess, 2017). In the first instance, improper password usage, in conjunction with password policy insubordination led to the vulnerability. Subsequently, employee failure to update a security “patch” led to the further exposure. The data breach exposed the public to the risk of identity theft in the form of account fraud and/or improper account usage. The organization’s leaders failed to take responsibility for the issue, placing blame on a single employee during public Senate hearings. As a result of this incident, the company suffered significant reputational harm, continued regulatory scrutiny, in addition to monetary penalties which are still to be determined. The reader is tasked with addressing this problem from the perspective of employment and data security policy.