DA7. Data breach case study

Statement

Data (information) has become a valuable commodity. Cybercriminals target organizations and individuals who hold precious data. Data is being stolen and sold on the dark web. The motivations of cybercriminals may differ; among them could be material gain, political aims, elimination of competitors, revenge, or simply causing harm for no reason.

For this discussion, research the internet and find a data breach in the cloud (or web) that occurred within the last 12 months from the current date. Study the breach and:

  • Explain why it occurred.
  • What was the damage inflicted on the business?
  • Elaborate on the lessons learned from this case.
  • In your opinion, what cybersecurity measures could prevent or reduce the occurrence of this type of data breach?

Solution

This text discusses a data breach that hit KidSecurity, a US-based company that provides parental control software for mobile devices. The company provides an iOS/Android app that can be installed on a child’s device and gives the parents full control over that device, including real-time location tracking, listening to the environment around the kid, locking certain apps, controlling time spent on applications, and even sending voice messages. The company also provides a web-based dashboard for parents to manage their children’s devices (KidSecurity, 2021).

On September 16th, 2023, a data breach was discovered that had left user activity logs publicly exposed for more than a month (DataBreaches, 2023). Here is what happened: services used to process, store, and search application logs (Elasticsearch, Logstash) were misconfigured, and the logs remained publicly accessible on the internet for a month until the exposure was discovered and dealt with (CyberNews, 2023).

The damage included the leak of 300 million user activity logs, 21,000 phone numbers, 31,000 emails, and the credit card information of some users (CyberNews, 2023).

There are many lessons to learn from this case. Companies can lose a lot due to small mistakes, and the resulting loss of customer trust and brand damage are hard to recover from. When dealing with sensitive groups of people (such as children), security should be taken seriously. Security should also be considered from the beginning of the development process, and a proper code review would have prevented this breach.

In my opinion, the following measures could have prevented or reduced the occurrence of this type of data breach. Security, in general, should be taken seriously by development teams, and configuration management standards should have been followed. Using an automated SECaaS (Security as a Service) tool, such as code analysis (before deployment) or a security scanner (after deployment), could have helped in detecting the breach earlier. Also, cloud infrastructure should be closed behind an identity management layer by default, and only the necessary services should be exposed to the Internet. Finally, the company should invest more in its security team and infrastructure.

To conclude, applications that deal with sensitive user groups should follow strict security standards and go through compliance audits regularly to ensure they follow the laws, standards, and regulations. Also, all companies should report security incidents to the relevant authorities and their customers as soon as possible so that the entire industry can learn from their mistakes and update the standards it follows accordingly.
