Professional Documents
Culture Documents
Data Breach
Student’s Name
Institutional Affiliation
Instructor
Due Date
DATA BREACH 2
confidential/private data to an environment that is untrusted. Other words for this phenomenon
include data spill, unintended revealing of information, and information or data leakage.
Incidents vary from coordinated attacks by "black hats" or people hacking for some form of
personal gain, connected to the organized activity, political activists, or even national
governments to the irresponsible disposal of computing devices or media storage of data and
sources which cannot be hacked. Data breaches can include "personal health information (PHI)",
financial data like credit card numbers, "personally identifiable information (PII)", trade secrets
of companies, and intellectual property. The bulk of data breaches include overexposed and
A data breach occurs when a cyber attacker successfully infects a computer and steals
sensitive information. This can be done manually by accessing the local data hacking system or
network, or through secretly circumventing the security of the network. Factors on how such data
breaches occur can also be traced back to deliberate attacks. Some of them are discussed below.
Attackers utilize phishing and spam e-mail techniques to try to deceive the user into
unveiling user info, installing malware attachments, or steering users to insecure websites. Email
seems to be a simple way that malware ends up on one's computer [ CITATION Nor \l 1033 ]. By
opening, any attachments or links in an inbox from a source that is unfamiliar will infect one's
computer with malware. Additionally, these emails can be made to look as if it was from a
Weak Passwords
Poor and unsafe user passwords are usually easy for hackers to decipher, particularly if
the password includes complete words or phrases. This is why experts warn against basic
Out-of-date software can create a sort of vulnerability that can slide ransomware on a
Drive-by Download
One can accidentally download malware or virus by merely browsing a vulnerable web
page. Drive-by-download can usually take control of a browser, application, or any operating
Q3. Choose one of the biggest data breaches and explain what happens.
During 2014, hackers explicitly attacked the Yahoo's whole user database, impacting
around 500 million users. Cyber attackers are reported to have access to account data like an
individual's email, phone number, passwords, and other private details. CSO Online described
that the attack had originated from a single person in Yahoo's business office. The employee was
shown a somewhat spear-phishing mail containing a link, which in fact downloaded malware on
the server when he clicked it. When Alexsey Belan (the Russian hacker) obtained access to the
server, he set up a back door on the company's server, allowing him exclusive accessibility for
the Company's email accounts from the internal control panel, which is a system that the
company uses to handle changes to accounts, such as changing passwords [ CITATION Kay19 \l
1033 ]. Belan then extracted and exported the copy of Yahoo's whole user database, which he
utilized to extract the personal information of every account holder. Furthermore, the hackers
DATA BREACH 4
then utilized this database to forge passwords, tricking Yahoo administrators into identifying
them as account holders who had effectively remained logged in. The technique is called "cookie
minting," which enabled them to view around 6,500 Yahoo profiles without the requirement for
All fifty states of the United States of America have implemented laws requiring
government or private institutions to notify the people regarding the security breaches of data
Who should comply with the legislation? For instance, information or brokers,
Meanings of "personal information". For instance, name paired with SSN, driving license
Requirements for notification? For instance, time or method of notification, who should
be notified?
It's becoming usual to hear about massive security breaches. That is why preventions are
Malicious hackers can fly around the server of a flat mobile network and steal every byte
of valuable info. By introducing data segmentation, one can slow down these attackers, buy more
time during the attack, and limit the stolen data [ CITATION Che17 \l 1033 ].
DATA BREACH 5
Impose PolP
Therefore, PolP ensures that any user account has adequate access to perform its job. If a
user account seems to be co-operated, hackers will not have wider access to the entire network.
If one has the past of tapping on a dubious link or opening a bad file, a good cyber
protection system will be sure to recognize the threats, prevent downloading, and prevent
Getting a VCM system or at least doing a risk assessment will help one detect physical as
well as virtual infrastructure technology configuration issues, vulnerabilities, and gaps. VCM
could continuously monitor network and IT properties due to vulnerabilities and flaws along
This first degree of protection covers things like the antivirus and the operating system,
along with hardware such as routers. One must have to ensure that he is well protected and
References
Bennett, S. C. (2008). Data Security Breaches: Problems And Solutions. Retrieved from
https://www.jonesday.com/files/Publication/2dbb7406-ba13-4305-902a-
8f2c65ef3d49/Presentation/PublicationAttachment/301495c5-31c8-4881-8202-
9dd8665df004/TPL0812-Bennett.pdf
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and
Lawrence, D. (2017). Here’s How Russian Agents Hacked 500 Million Yahoo Users. Retrieved
russian-agents-hacked-500-million-yahoo-users
https://www.ncsl.org/research/telecommunications-and-information-technology/security-
breach-notification-laws.aspx
privacy-data-breaches-what-you-need-to-know.html