Aliceo Inc. Cybersecurity Breach: Data Protection Report

Verified

Added on 2022/08/15

AI Summary

This report analyzes a data breach scenario at Aliceo Inc., a consumer credit ratings agency. The breach involved the exploitation of a flaw in the "Rhododendron" application, leading to the misuse of an employee's credentials and unauthorized access to consumer databases, particularly within the Complaint Resolution group. The report examines the legal implications of the breach, citing violations of the California Consumer Privacy Act (CCPA), the Federal Trade Commission Act, and the Gramm-Leach-Bliley Act (GLBA). It highlights the company's failure to protect consumer and employee data, emphasizing the need for timely patching, robust security measures, and adherence to data protection regulations. The report underscores the potential consequences of such breaches, including financial losses and damage to the company's reputation, and emphasizes the importance of proactive cybersecurity measures to mitigate risks.

Running head: DATA PROTECTION IN CYBER WORLD
DATA PROTECTION IN CYBER WORLD
Name of the Student
Name of the Organization
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
DATA PROTECTION IN CYBER WORLD
Rhododendron application needs to be patched as per the U.S. Computer Emergency
Response Team that is a Department of the Homel and Security. The application has its play
in all the lines of the business of Aliceo Inc and thus this should be fixed as soon as possible.
The credentials of an employee named Catalina Garcia in Buenos Aires is being used to log
in to the system in Mainland China. As per the reports, the employee was logging in from
different suspicious locations and was removing data from different Consumer Services
group. The data was mainly being removed from the Complaint Resolution group. The
employee could easily access the Complaint Resolution databases that consist of consumer
credit reports. The Complaint Resolution database does not seem to be patched for the flaw
that was encountered in Rhododendron. The case was different from what is seemed to be as
the employee was the victim here. She was new to the system and due to the flaw in the
Rhododendron application her credentials were stolen and were being misused. The cyber
criminal has taken the advantage of the flaw to gain access to the consumer databases. The
activity has been going on for more than two weeks in the late hours when there are less
number of staffs. This can lead to a drastic effect on the business of the firm as the employees
as well as the consumer’s data are at stake.
The laws that come into the scenario are as given below:
1. CCPA or the California Consumer Privacy Act is the state statute that intends to enhance
the privacy rights along with consumer protection for the residents of California in United
States (Goldman, 2019). The act has been laid down for providing California residents with
the right to know what data is being collected, have a knowledge what is happening of their
data, request a business to delete their data and many more aspects as such.
2. Federal Trade Commission Act- This act lays down that the consumers or the stakeholders
of data should be well informed about the way their data is being used and no organization or

2
DATA PROTECTION IN CYBER WORLD
firm should deceive their consumers and misuse data collected (Kovacic, 2015). It is the
responsibility of the firm to protect the data of the consumers and the employees as well.
3. The Gramm Leach Bliley Act or the GLBA act- This particular act governs the protection
of the personal information that are vested to the banks or insurance companies and other
such firms in the financial sector. This mainly addresses the “Non-Public Personal
Information” or NPI that consists of any form of information that in general is collected by a
financial service company (Walrath, 2017). The data that is collected by the financial
institutions from its customers’ needs to be protected even in a better way as it relates to
money or savings.
Aliceo Inc. has employees and consumers in and around California and thus it falls
under the purview of CCPA or the California Consumer Privacy Act. The credit information
of the customers that have been taken by the cyber criminal can be of any citizen and high
chances of him being from California. Thus the company violates this law as it could not
protect the information of his clients. On the other hand, according to Federal Trade
Commission Act when dealing with the data of consumers in business it should be kept in
mind that privacy comes first. Aliceo Inc. did not check on the flaw in Rhododendron on time
and thus it lead to the leak of information of the employee which in turn was the reason
behind the data breach. The credit reports of customers were leaked and this was the fault of
the management clearly. Next is the Gramm Leach Bliley Act or the GLBA act which is very
important in this case as this is about data in the hands of banks and financial institutions.
Aliceo Inc. had links with banks and other financial institutions which had warned them to
check on the application but it was not done properly. This is the main cause of the breach
that has happened. It can be said that had it been checked on time, this could have been
stopped.

3
DATA PROTECTION IN CYBER WORLD
References
Goldman, E. (2019). An Introduction to the California Consumer Privacy Act (CCPA). Santa
Clara Univ. Legal Studies Research Paper.
Kovacic, W. E. (2015). The Federal Trade Commission as Convenor: Developing Regulatory
Policy Norms Without Litigation or Rulemaking. Colo. Tech. LJ, 13, 17.
Walrath, D. (2017). Privacy and Information Disclosure: An Economic Analysis of the
Gramm-Leach-Bliley Act. Policy Perspectives, 24, 55-65.