Data breach report. On British Airways Data breach in 2018
There needs to be a minimum of 4 academic / high quality references. Articles and books from professional organizations, security magazines, industry websites are acceptable. No Wikipedia or low quality sites (if it has a ton of ads and appears to be copied from another source, it’s probably not a high quality source.
1. Summary of the incident – including who and what data was impacted, any regulations or laws were broken and other key parts (1 ½ pages.
a) What data was impacted what was stolen or compromised.
b) If you have quantities for example if there was a credit card breach (how many credit cards were stolen).
c) How many people were impacted?
d) Is the information posted in newspapers or security documents, magazines and there should be sources online?
a) If they have a particular regulation or laws that were broken. E.g. if there were any health care violations regulation. If it was credit cards it was PCI violations include that in the summary.
b) Did they have any records stolen?
2. Summary of Damages and costs to the organization – financial, reputation, etc. (1 page)
a) What was the immediate financial impact?
b) Talk about the reputational Impact it was taken
3. Summary of what the organization did in response ½ page
a) What was the response from the organization.
b) How did they do notification to the customers if they did.
c) What was in the news report.
d) How did they announce it?
e) Did the insurance pay for the impact
f) Did they buy credit monitoring for the customers that were impacted?
g) If there were any lawsuits.
h) All the things they did in response (did they increase their security; did they add extra security features or did they hire more people.
4. Explanation of any mitigations that they could have used or were not available at the time of the breach 1 page.
a) Tools they could have used that were not available at the time, or there were available tools.
b) Or there were available tools at the time they did not use.
c) May be there was a weak encryption at the time and now technology has improved.