Data Breach Analysis: Causes, Mitigation, and Real-World Examples

Added on  2020/05/08

Report
AI Summary
This report provides a comprehensive analysis of data breaches, encompassing their causes, impacts, and potential mitigation strategies. It delves into various factors contributing to data breaches, including human error, weak credentials, application vulnerabilities, and malicious attacks. The report examines real-world examples of significant data breaches, such as the Equifax breach in 2017, the SVR Tracking incident, and the Verizon data breach, highlighting the consequences and lessons learned from each. Furthermore, the report explores the importance of data inventory, employee training, and robust security measures to minimize the impact of data breaches. It also discusses the significance of incident response teams, updated policies, and compliance with data protection regulations, such as the German Data Protection Act. The report emphasizes the need for businesses to adopt proactive measures to protect sensitive data and maintain a secure environment.
Abstract
A data breach is an incident in which sensitive, protected or confidential data is viewed, stolen
or used by unauthorised users, and it represents a major loss of information. Breaches often
concern trade secrets and intellectual property and may involve organised crime or national
governments. In short, a data breach is a security incident in which protected or confidential
data is copied, transmitted, viewed or stolen by an individual who is not authorised to do so.
Introduction
A data breach is the unintentional disclosure of information, also described as data leakage or
data spillage. It includes the theft or loss of digital media, such as computer tapes, on which
information is stored unencrypted, as well as the posting of information on the WWW. The focus
is also on how the transfer of information to a system is handled and whether that system is
accredited for security at the approved level. The same concern applies to information
transferred to the information system of a hostile agency, such as a competing corporation,
where it is also exposed to intensive decryption techniques (Ablon et al., 2016). The status of
legislation in the US and in other developed countries such as England, Germany, France and
Australia also needs attention.
Causes for data breaches
To analyse data breaches it is important to understand their causes, which include miscellaneous
errors, insider and privilege misuse, and physical theft and loss. Other breaches result from
denial of service, crimeware, web-app attacks, point-of-sale intrusions and payment card
skimmers. Weak and stolen credentials, application vulnerabilities and social engineering also
allow hackers to exploit data (Green, 2017). Weak and stolen credentials are a major source of
system vulnerability: they affect not only the application settings or the network protocol but
also the way the system functions. Back doors and application vulnerabilities depend mainly on
accounting, where the issues include brute-force and SQL injection methods. Malicious or
criminal attacks are motivated mainly by finance, by espionage and sometimes by fun as well.
Human error is a major cause of data breaches and needs to be addressed so that breaches can be
prevented as early as possible. Examples include failure to apply system patches and employees
leaving their laptops unlocked, where they are easily stolen. System glitches are another major
issue that needs attention, including application failures, logical errors in the transfer of
data and inadvertent data dumps. Companies also face indirect costs, and set standards for
investing in security while keeping costs under control.
Malicious intent, system glitches and human error all feature in the well-planned, targeted
breaches that hackers carry out. Phishing, scams, hacking, fraud and cybercrime are among the
issues affecting the data systems in use. E-commerce trading operations undergo simulated
targeted-attack response testing, and there are also issues of intentional tampering by
disgruntled employees. Some people share passwords, and others misuse them. ISO 27001 is a
best-practice framework that defines an information security management framework for handling
security breaches accurately.
Steps the businesses could adopt that would minimize the impact of data breaches
To handle data properly, a business needs to take an inventory of the types and quantity of
files it holds. Handling data properly and safeguarding information also means updating
procedures and educating and training employees. Controlling computer usage and securing the
computers helps to keep software secure and up to date. Further procedures include working on
system processes to reduce data transfer and to protect information (Braunstein, 2016). An
annual privacy and security risk assessment is completed, based on identifying the legal and
regulatory requirements. The gaps are then analysed to give a comprehensive view of how the
different types of data are disclosed, the applicable regulations, and the potential level of
harm to the affected individuals. Organisations aim to reduce their legal, reputational and
financial liabilities by assessing privacy incidents and developing a proper response to a data
breach. Another kind of breach arises from email files, for example when protected health
information is emailed to the team members of a healthcare organisation. For this reason,
developing a breach response team and process is important for properly monitoring and handling
the protection products as well. This also helps to keep policies and procedures up to date
with changing technologies and law.
According to the German Data Protection Act, data processing takes different forms in the public
and the private sector, including electronic information and communication services for
electronic transmission. In Germany, as in any other country, the use of personal data should be
prohibited unless a law permits it, and it should rest on informed consent as well. The law
targets data minimisation and safeguards against the transmission of personal data to third
parties. Deviations are mainly made to adhere to pre-existing terminology and concepts, with a
focus on security requirements and on access to personal information and objects. Organisations
need to control their data and restrict downloads, since unrestricted downloads serve hackers,
who should be prevented from downloading the data, for example through firewall settings.
Proper consent and transparency on the part of the provider will help to protect against data
breaches.
Three major data breaches during the last five years (2012 to 2017)
a. Equifax in 2017: an attack on one of the largest credit agencies in the US, which affected
its consumers. Sensitive data was stolen, including SSNs and driver's licence numbers. The
hackers gained access to the company's systems by exploiting a weak point in its website
software. The company sought assistance from outside forensics firms; the compromised data
included full names, addresses and other personal information (Kashmiri et al., 2016).
Those affected should check their credit reports, consider placing a credit freeze on their
files, and closely monitor their existing credit cards and bank accounts.
b. SVR Tracking: a breach affecting the auto-dealership service that provides the ability to
locate and recover vehicles. It allowed customer records to be leaked online. The issues
concern the notification of SVR Tracking and the securing of the data within 3 hours. The
extent to which the data was available online was not known. It included email addresses,
passwords and plate numbers, together with the ability to check the location of a single
vehicle. The breach was dealt with through proper analysis and monitoring of fraud alerts
on files and by identifying the theft victims (Mikhed et al., 2017).
c. Verizon in 2017: the breach mainly affected subscribers who had contacted customer
services in the preceding few months (Solove et al., 2016). The records were held on a
server controlled by the Israel-based Nice Systems. Security firms were involved in the
breach, reporting on the data exposure and working to secure the breached data. The data
came from log files generated when customers contact the company. To handle such data
properly, there is a need to assess the loss of the encrypted network connection and the
dates of the security standard that governs the handling of SSNs as well (Ogbanufe et al.,
2016).
Conclusion
Data breaches have become a major issue, in which the loss of corporate information and the
resulting damage lead to the destruction of assets. In most cases a data breach is mitigated by
providing the victims with a subscription to a credit reporting agency, new credit cards and so
on (Simon et al., 2016). Various industry guidelines and government compliance regulations are
important for the strict governance of sensitive or personal data, helping to avoid breaches
and to manage the corporate environment in line with the Data Security Standards.
References
Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to
Breach Notifications.
Braunstein, A. (2016). Standing Up For Their Data: Recognizing the True Nature of Injuries in Data
Breach Claims to Afford Plaintiffs Article III Standing. Journal of Law and Policy, 24(1), 3.
Green, N. (2017). Standing in the Future: The Case for a Substantial Risk Theory of Injury in Fact in
Consumer Data Breach Class Actions. BCL Rev., 58, 287.
Kashmiri, S., Nicol, C. D., & Hsu, L. (2016). Protecting Retailers Against Contagion: Exploring the
Shielding Role of Marketing in the Negative Spillover of the Target Customer Data Breach.
In Celebrating America’s Pastimes: Baseball, Hot Dogs, Apple Pie and Marketing? (pp. 309-309).
Springer International Publishing.
Mikhed, V., & Vogan, M. (2017). How Data Breaches Affect Consumer Credit.
Ogbanufe, O., & Avery, A. (2016). Breaching News: Does Media Coverage Increase the Effects of Data
Breach Event Disclosures on Firm Market Value?.
Simon, S., & Perkins, R. (2016). AN ANALYSIS OF DATA BREACH INDUCED TRAUMA: AN
EXPLORATORY STUDY. Journal of Information System Security, 12(3).
Solove, D. J., & Citron, D. K. (2016). Risk and Anxiety: A Theory of Data Breach Harms.