A major data breach may be one of the most serious types of security incidents, which may result in legal and regulatory sanctions as well as serious reputational damage to an organization’s brand.
Provide a brief summary of an instance where a company fell victim to a major data breach. (Please be sure to first read all the posts in this discussion to date so that you are reviewing a company whose data breach incident has not already been covered by a classmate.)
Discuss the features that characterize the data breach. Describe the salient features of the attack, when and how the breach incident was discovered, the data that was illegally accessed, and the consequences of the breach to the organization and the actions taken in its wake.
Please choose one company who was victimized by a significant data breach from the following list, or you may choose to discuss a data breach incident with which you were professionally involved:
Adobe.
Adult Friend Finder.
Anthem.
Ashley Madison.
Ebay.
Equifax.
Heartland Payment Systems.
Home Depot.
JP Morgan Chase.
National Security Agency (NSA).
RSA Security.
Sony's PlayStation Network.
TJX Companies, Inc.
VeriSign.
Yahoo.
US Office of Personnel Management (OPM).
Full Answer Section
When and How the Breach Incident Was Discovered:
Adobe discovered the data breach on October 3, 2013, after it was notified by a security firm of suspicious activity on its servers.
Data That Was Illegally Accessed:
The following types of data were illegally accessed in the Adobe data breach:
- Usernames
- Encrypted passwords
- Credit card numbers
- Expiration dates
- Security codes
- Customer names
- Mailing addresses
- Phone numbers
- Social Security numbers
Consequences of the Breach to the Organization and the Actions Taken in Its Wake:
The Adobe data breach had a number of negative consequences for the company, including:
- Damage to its reputation
- Loss of customer trust
- Increased costs associated with responding to the breach and notifying affected customers
- Legal and regulatory scrutiny
Adobe took a number of steps in the wake of the data breach, including:
- Resetting the passwords of all affected users
- Offering free credit monitoring services to affected users
- Working with law enforcement to investigate the breach
- Implementing new security measures to prevent future breaches
The Adobe data breach was a significant event that had a major impact on the company. It is a reminder of the importance of cybersecurity and the need for organizations to take steps to protect their data from attack.
Sample Answer
Company: Adobe
Data Breach: In October 2013, Adobe announced that it had suffered a data breach that affected an estimated 38 million user accounts. The breach was caused by an attack on Adobe's servers, which allowed hackers to steal usernames, encrypted passwords, and other personal information.
Salient Features of the Attack:
- The attack was carried out using a zero-day exploit, which is a type of software vulnerability that is unknown to the software vendor and therefore cannot be patched.
- The hackers used the zero-day exploit to gain access to Adobe's servers and steal the user data.
- The hackers also stole the source code for a number of Adobe products, including Acrobat Reader and Flash Player.