Information Security Project Report: Privacy Breach in Victoria

Verified

Added on 2022/09/12

AI Summary

This report analyzes a privacy breach concerning Public Transport Victoria (PTV) and Myki card data, stemming from a data science competition. The breach involved the release of travel data from 15.1 million Myki users, potentially allowing re-identification of individuals. The report details the incident, the Information Commissioner's findings of privacy law breaches, and the vulnerabilities exploited, such as the ability to track user movements. It discusses the threats associated with privacy breaches, including external hacking and malware. Furthermore, the report outlines various prevention methods, including updated security software, risk assessments, data encryption, staff training, vendor security checks, and third-party data security evaluations. The conclusion emphasizes the critical need for organizations to prevent privacy breaches to protect sensitive information and maintain their reputation.

Running head: PRIVACY BREACH
PRIVACY BREACH
Enter the name of the Student:
Enter the name of the University:
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1PRIVACY BREACH
Introduction
The information security is mainly the practice of stopping the unlawful access, use, expose,
disturbance, adjustment, examination, recording or the devastation of the information. It is the set of
practices that planned for keeping the data protected from any unauthorized alterations or the access.
In this report, the information of the privacy breach of the public transport Victoria is discussed and
when this breach are happened and what is the process to mitigate this privacy breach are also
described in this report. In this report, the privacy breach is happened for the use of myki cards which
is the great use for the competition of the data science.
Discussion
The privacy breach is happened whenever anyone accesses the information without the
permission. It is started with the security breach that is penetrating the computer network that is
protected and ends with the theft or the exposure of the data. This data may contain the personal
information such as the name, details of the credit card and many more. In this report it is discussed
that the Information Commissioner of the Victoria found that the PVT that is the Public Trans port
Victoria that is now is the member of the Transport Department breached the law of the privacy.
The researcher can find that the myki, in the conjunction with the social media can use for
uncovering the wealth of the information about the users of the card. The myki is the ticket that is
used to travel on the tram, buses and trains in the city of Melbourne and several parts of the regional
Victoria. The user can used this myki by touching the myki reader with the card of the user. The
process of using this myki card is as follows:
i) Hold this myki card against the section of this reader which is painted blue also the card is touched
reader.
ii) Whenever this is beeped twice and the lights of the myki reader are green, then it indicate that the
process of touching on or off is successfully completed. Also the confirmation of the process is shown
in the screen of the reader and the remaining balance is also displayed as long as the user hold the
myki card on this reader.
So, from some of the recently held research, it can noticed that by some taps on and the off
also the couple of tweets can help any stalker or any hacker for recognizing the user and track down
the movements of the user with the myki. The Information Commissioner of the Victoria revealed that
the PTV that is the Public Transport Victoria is breached the laws of privacy by discharging near
about two billions of this myki for supporting the data science competition. In the year 2018, the PTV
which is now named as the Department of the Transport released the dataset that contained near about
1.8 bn record of the travel for the 15.1 million users of the myki public transport for the time frame of

2PRIVACY BREACH
2015 to 2018. This was de-recognized that this myki card IDs that is the name of the user who are
using this card if this is registered with this card was removed. This data set had requested by the
Premier Department also the Cabinet to use this in the Melbourne Datathon in the year 2018 that is
the annual competition in which the contestants compete for finding the advanced uses for the data
sets.
Every record of the event contains several data points containing the date and the time, the
information the location, the card identifier that is the distinct number allocated to the every myki card
and lastly the type of the card such as card for the student, police and the asylum seeker. This data
permits for the user tore-identified also their activity of travel for three years exposed. It is said by the
researcher that this data are easily re-identified. This data was unconfined as the part of the event of
the Data Science that was held on the Melbourne also this department said that this data is not
disclosed the identity of the people. Bu the researchers checked their own details of the myki history
and able to match all the travel times with this data on the file and the total set of their whole history
of travel for the period of three years on this myki card. The OVIC started the investigation in the
month of October 2018 after the privacy also data protection deputy commissioner believed that the
PTV had breached the information privacy principles of the state.
Threats of the privacy breach:
The threats that are targeting the several types of privacy or data can come from the person
who have access the network also the hackers form the outside of the organization. These persons can
have the access of the data set via some external things such as the external email accounts via mobile
devices also via the cloud if the data are stored in the cloud. The hackers can send various email with
the malware software which if the user can store in their system, then the hackers can get all the
access of this system and easily they can get all the data set and privacy breach is happened very
easily.
In the recent years there are many privacy or data breaches happened in some of the famous
organisation such as the LinkedIn, eBay, Adobe, Yahoo, Canva and many more.
Prevention methods of privacy breach:
So the organization need to prevent this privacy or data breach because if there is any breach
of privacy is happened then the organization needs to inform all the individuals and face the negative
impact of the brand of the organization and also the loyalty of the consumer. Also for this privacy
breach, the company may face to give the penalty of the 4 % of annual turnover of them. So there are
several ways are present to prevent this privacy or data breaches which are as follows:
i) Up to date software of the security: It must confirm that the security software is updated also
regularly patched for avoiding the weak spots for the hackers to abuse.

3PRIVACY BREACH
ii) Regular Assessments of the Risk: Accomplish the assessments of vulnerability for reviewing also
addressing any type of changes or any new risks in the protection of the data. Considering all the
scenario such as the storage of the data also the remote access for the employees also confirm that the
procedures and the policies are acceptable.
iii) Encryption and the back of the data: The personal data of the user should be encrypted at least
containing on the laptops for work which are issued to the staff. As a substitute of using the tapes for
backup which can be stolen or lost, the data can back up to the remote services by using Internet.
iv) Training and awareness of the staff: Need to train all the staff for following the best practices
and be aware of the significance of the security of the data also need to learn that how to escape the
mistakes which can lead to the privacy breaches. The awareness of the sensitive data also the security
should be the part of the culture of the organization.
v) Confirm the vendors and the partners retain the high data security standards: Whenever the
organization are working with any other companies which may handle the data of the customers then
the organization need to make sure that they have also the acceptable systems in their company to
secure the data of the customers.
vi) Evaluations of the third party data security: Having the third party that are carried out the risk
evaluation permits the objective also the view of the outside of the present breach risks. The expert of
the data security can instruct on the perfect solutions distinct to the every organization for reducing
the breach risk. This can also determines the serious purpose to confirm the protection of the data.
So from the above discussed methods of the prevention, the organization can prevent the data
or privacy breaches that can happen in their organization. Otherwise the reputation of this
organization is in the bottom line and also the financial condition of this organization can affect by
this breach.
Conclusion
From the above discussed report, it can be concluded that the privacy or data breach discloses
the information that are sensitive, protected or the confidential to the unauthorized person. By several
process such as stolen the credentials, fraud of the payment card, access of the third party, mobile
devices and many more. From this discussion, it is cleared that the privacy or data breach can have the
shattering effect on the reputation of the organization and also affect their financial condition. But
there are many methods are available by these any organization can prevent this type of privacy
breaches. So the privacy breach is a major problem now a days and the organization needs to prevent
this to store the data of their customer appropriately.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4PRIVACY BREACH
Bibliography
Don't post about your trip home: Lessons learned from 'shocking' privacy breach. (2020). Retrieved 3
April 2020, from https://www.abc.net.au/news/2019-08-15/myki-data-spill-breaches-privacy-for-
millions-of-users/11416616
Douglas, M., 2018. Characterisation of breach of confidence as a privacy tort in private international
law. UNSWLJ, 41, p.490.
Gwebu, K.L., Wang, J. and Wang, L., 2018. The role of corporate reputation and crisis response
strategies in data breach management. Journal of Management Information Systems, 35(2), pp.683-
714.
Kim, D., Park, K., Park, Y. and Ahn, J.H., 2019. Willingness to provide personal information:
Perspective of privacy calculus in IoT services. Computers in Human Behavior, 92, pp.273-281.
Mamonov, S. and Benbunan-Fich, R., 2018. The impact of information security threat awareness on
privacy-protective behaviors. Computers in Human Behavior, 83, pp.32-44.
Mamonov, S. and Benbunan-Fich, R., 2018. The impact of information security threat awareness on
privacy-protective behaviors. Computers in Human Behavior, 83, pp.32-44.
Talesh, S.A., 2018. Data breach, privacy, and cyber insurance: How insurance companies act as
“compliance managers” for businesses. Law & Social Inquiry, 43(2), pp.417-440.
Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S. and Serna, J., 2018, March. Privacyguide:
Towards an implementation of the eu gdpr on internet privacy policy evaluation. In Proceedings of
the Fourth ACM International Workshop on Security and Privacy Analytics (pp. 15-21).
Tu, Z., Xu, F., Li, Y., Zhang, P. and Jin, D., 2018. A new privacy breach: User trajectory recovery
from aggregated mobility data. IEEE/ACM Transactions on Networking, 26(3), pp.1446-1459.
Vu, H.Q., Law, R. and Li, G., 2019. Breach of traveller privacy in location-based social media.
Current Issues in Tourism, 22(15), pp.1825-1840.
Vu, H.Q., Law, R. and Li, G., 2019. Breach of traveller privacy in location-based social media.
Current Issues in Tourism, 22(15), pp.1825-1840.
Wu, Z., Wang, Z., Wang, Z. and Jin, H., 2018. Towards privacy-preserving visual recognition via
adversarial training: A pilot study. In Proceedings of the European Conference on Computer Vision
(ECCV) (pp. 606-624).