Privacy Law Violations and Outcome

Assessment 2: Breach Alert System

BreachAlarm is a service that lets users check securely whether their password has been published online and sign up for email alerts about future password breaches. Its dataset comprises fingerprints of more than 1.09 trillion email addresses that have already been published by hackers along with their passwords, and the list continues to grow (Data Protection, 2020). A breach may also lead to a regulatory inquiry, which could result in legal action against your organization, so it is essential to be prepared. Approximately 1,085,343,208 hacked accounts were detected, of which 576,579 passwords were reported to have been stolen per day, 31,336 hacked passwords were found, and 160,007,279 passwords were identified in the largest hack (BreachAlarm, 2020). This year alone, big names like Macy's, Bloomingdale's, and Reddit have been added to the ever-growing list of hacked organizations. Compromised data is an issue that requires everyone's full attention. Data breaches can mean the loss of millions, even billions, of confidential documents and records, affecting not only the breached entity but everyone whose personal information may have been exposed (Data Breaches, 2018).

Equifax faced an incident in 2017 that took place on July 29 and affected 147.9 million consumers. Equifax, one of the largest US credit bureaus, said on Sept. 7, 2017 that a security breach in a system on one of its websites resulted in a data breach that affected approximately 147.9 million consumers. The hack was found on July 29, although the organization says it probably began in mid-May. The breach exposed the personal information of 143 million consumers (including Social Security numbers, dates of birth, addresses, and in some instances driver's license numbers); 209,000 customers also had their credit card details revealed. In October 2017, the figure was increased to 147.9 million (Swinhoe, 2020).

Equifax was faulted for a number of failings in security and response. Chief among these was that the vulnerability in the framework that gave the attackers access had been left unpatched. Inadequate segmentation of the system made lateral movement easier for the attackers. Credit card numbers of roughly 209,000 consumers were also compromised. The extent and severity of the Equifax hack is unparalleled. Other organizations have suffered larger data breaches in the past, but the sensitivity of the private details held by Equifax and the scope of the incident made this intrusion unparalleled. Equifax was also slow to report the breach.

Equifax's reaction to the breach raised concerns among security experts and consumer groups. Security consultant Brian Krebs called Equifax's public outreach just after the breach "haphazard," "ill-conceived," and a "dumpster fire." Equifax set up a separate website, equifaxsecurity2017.com, for consumers to find out whether their information was exposed in the breach. This led browsers to flag the site as a malware threat. Developer Nick Sweeting purchased the securityequifax2017.com domain to illustrate that Equifax's decision to create a custom website made it easier for malicious websites to imitate it and cause confusion. Incidentally, the Equifax Twitter account shared a link to the fake site. Consumers who contacted Equifax in the immediate aftermath of the breach to freeze their credit were issued PINs derived from the date and time of the freeze, making them much easier to guess. Equifax advised customers to sign up for its TrustedID Premier credit monitoring service, but in doing so customers accepted terms of use containing a compulsory contract clause. Following public uproar that Equifax was pressuring customers to forfeit their ability to sue, the firm released a press statement saying that the clause does not extend to lawsuits arising from the security breach (EPIC, 2020).
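The lookalike-domain problem described above can be monitored for by the brand owner. The following is an added example, not code from this essay or from Equifax: it flags domains whose name is a reordering of the tokens in the official incident-response domain. The token list, the function names `segment` and `classify`, and the naive "second-to-last label" rule are assumptions made for illustration, and the sample domains in the comments and tests are constructed apart from the two named on the page.

```python
from collections import Counter

# Assumption: tokens that make up the official label, in official order.
OFFICIAL_TOKENS = ("equifax", "security", "2017")
OFFICIAL_DOMAIN = "".join(OFFICIAL_TOKENS) + ".com"


def segment(label, vocab):
    """Split label into vocab tokens that cover it completely, else None."""
    reachable = {0: []}  # position -> tokens consumed to reach it
    for pos in range(len(label)):
        if pos not in reachable:
            continue
        for tok in vocab:
            if label.startswith(tok, pos):
                reachable.setdefault(pos + len(tok), reachable[pos] + [tok])
    return reachable.get(len(label))


def classify(domain):
    """Return 'official', 'lookalike' or 'unrelated' for one domain name."""
    name = domain.strip().lower().rstrip(".")
    if name == OFFICIAL_DOMAIN or name.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    parts = name.split(".")
    if len(parts) < 2:
        return "unrelated"
    # Naive registrable label: second-to-last part, hyphens ignored.
    # (A production check would consult the Public Suffix List.)
    label = parts[-2].replace("-", "")
    tokens = segment(label, OFFICIAL_TOKENS)
    # Same tokens in any order, or the same label under another TLD.
    if tokens and Counter(tokens) == Counter(OFFICIAL_TOKENS):
        return "lookalike"
    return "unrelated"


def review(domains):
    """Return only the domains that deserve an analyst's attention."""
    return [d for d in domains if classify(d) == "lookalike"]
```

Run over a feed of newly registered domains, `review` returns only the reordered or re-hosted variants, which is the class of confusion the securityequifax2017.com registration demonstrated.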

References

BreachAlarm. (2020). How Safe Is Your Password? | BreachAlarm. BreachAlarm. Retrieved from https://breachalarm.com/.

Data Breaches. (2018). Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes. Retrieved from https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101.

Data Protection. (2020). Data Protection Toolkit - Personal Data Breaches: are you prepared?. NICVA. Retrieved from https://www.nicva.org/data-protection-toolkit/templates/personal-data-breaches-are-you-prepared.

EPIC. (2020). Equifax Data Breach. Epic.org. Retrieved from https://epic.org/privacy/data-breach/equifax/.

Swinhoe, D. (2020). The 15 biggest data breaches of the 21st century. CSO Online. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html.
