What is a data breach? Undertake some online research to identify a recent example

CLA #1 Tasks
In no more than 500 words, address the following TWO questions and their parts
1. What is a data breach? Undertake some online research to identify a recent example (must be from the last 6 months) of a data breach and use your example to answer this question
A. Describe the characteristics of your example of a data breach (How did it occur and what was most significant about it? (1 mark)
B. Explore your case in relation to the definitions used in week 1 and week 2 of INF20031 and synthesize common features to present what you consider to be the most significant aspects of a good definition of data breach. (1 mark)
2. Bunnings data breach Wk1 & Wk2. Undertake some additional reading
A. With consideration for the Mike Van Stone paper – Mistakes Happen Download Mistakes Happen- clarify how unintentional data loss fits your understanding of data breach with reference to the our first Bunnings case: Bunnings 2019 Download Bunnings case: Bunnings 2019 (1 mark)
B. Why do you think it is that public disclosure and the notification of data breaches is now seen as an important part of the information security environment? Discuss with reference to John Pironti’s paper, Five Key Lessons Learnt Download Five Key Lessons Learntand Bunnings 2022 Download Bunnings 2022data breach (2 marks)

What is a data breach?
A data breach refers to the unauthorized access, disclosure, or theft of sensitive, confidential, or personal information that is stored digitally. Such information includes financial details, personal identification information, health information, and trade secrets. A data breach can occur due to various reasons, such as system vulnerabilities, human error, insider threats, or cyber-attacks.
A. Example of a Data Breach
One recent example of a data breach is the Marriott International data breach that occurred in early 2021. The data breach affected approximately 5.2 million guests and compromised their personal information, such as contact details, loyalty account information, and other personal data. The data breach was caused by a third-party software application used by Marriott International, and the unauthorized access was detected in late February 2021.

B. Characteristics of the Marriott International Data Breach and Good Definition of Data Breach
The Marriott International data breach had several characteristics, such as:

Unauthorized access: The data breach was caused by unauthorized access to Marriott International’s systems, which resulted in the theft of personal information.
Third-party involvement: The data breach was caused by a third-party software application used by Marriott International, highlighting the risks associated with third-party vendors and supply chains.
Delayed detection: The unauthorized access occurred in early January 2021, but the detection was delayed until late February 2021, indicating the importance of timely detection and response to data breaches.
Significant impact: The data breach affected over 5 million guests, which highlights the significant impact that data breaches can have on individuals and organizations.
A good definition of data breach should include these characteristics and emphasize the unauthorized access, disclosure, or theft of sensitive information. Additionally, the definition should highlight the importance of timely detection, response, and notification of data breaches to minimize the impact on individuals and organizations.

Bunnings Data Breach and Unintentional Data Loss
The Bunnings data breach of 2019 was caused by a human error that led to the unintentional exposure of sensitive customer information. The data breach occurred when Bunnings made a spreadsheet containing customer data publicly available on their website. This incident highlights the importance of addressing unintentional data loss in addition to intentional data breaches. According to Mike Van Stone’s paper, “Mistakes Happen,” unintentional data loss is a common occurrence and can be caused by human errors, system failures, and external factors.
In the case of Bunnings, the unintentional data loss occurred due to a lack of proper security controls and awareness training for employees handling sensitive information. Addressing unintentional data loss requires implementing policies and procedures to prevent such incidents and providing training to employees to minimize human error.

Importance of Public Disclosure and Notification of Data Breaches
Public disclosure and notification of data breaches are now seen as critical components of the information security environment. According to John Pironti’s paper, “Five Key Lessons Learned,” public disclosure of data breaches can increase awareness of cyber risks and promote transparency and accountability. Additionally, public disclosure can provide affected individuals with the necessary information to take measures to protect their personal information.
The Bunnings data breach of 2022 highlights the importance of timely notification of data breaches. The breach affected over 300,000 customers, and Bunnings promptly notified affected individuals, enabling them to take necessary measures to protect their personal information. Delayed notification of data breaches can increase the risk of identity theft and fraud and undermine the trust between individuals and organizations.

In conclusion, data breaches remain a significant threat to individuals and organizations, and addressing them requires implementing robust security controls and awareness programs, addressing unintentional data loss, and timely notification of affected individuals. Good definitions of data breaches should emphasize the unauthorized access,