SLIDE 1

ETHICAL DISCLOSURE OF DATA BREACHES

COREY TODALEN

SLIDE 2

WHAT IS A DATA BREACH?

  • “The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.”

SLIDE 3

WHAT DOES THE LAW SAY?

  • All 50 states and associated territories have some form of breach notification law
  • The U.S. currently doesn’t have any federal guidelines or laws
  • California was the first to create legislation, in 2002
  • The European Union enacted the E-Privacy Directive in 2009

SLIDE 4

FACEBOOK AND CAMBRIDGE ANALYTICA

  • Cambridge Analytica leaked 87 million Facebook users’ data
  • Data was collected through a personality quiz app and the FB API
  • One of several major controversies during the 2016 presidential election
  • Facebook was fined 500k euros due to new E.U. GDPR guidelines

SLIDE 5

EQUIFAX

  • Breach lasted from May 2017 through July 2017
  • Included SSNs, birthdates, home addresses, driver’s licenses, and credit card numbers
  • Attack leveraged an unpatched vulnerability in the Apache Struts web framework
  • In Feb. 2020 the U.S. D.O.J. indicted several ranking members of the Chinese military in association with the attack

SLIDE 6

TWITTER

  • In 2018, 330 million users were notified that their passwords may have been compromised due to a flaw in Twitter’s password hashing algorithm
  • In May 2019 Twitter was breached again, this time losing location data and browser histories
  • The 2019 breach was due to third-party cookies from a Twitter ad partner

SLIDE 7

CAPITAL ONE

  • Breached in March 2019, leaking over 100 million customers’ data
  • Customers weren’t notified until July 2019
  • Included names, addresses, birthdates and financial data
  • Leak stemmed from misconfigured AWS S3 buckets

SLIDE 8

CLINTON PRESIDENTIAL CAMPAIGN

  • In June 2016 CrowdStrike released a report on the alleged DNC and Clinton campaign hack in early 2016
  • The report revealed the attack originated from the Russian intelligence agency and its associated hacking group, Fancy Bear
  • The attack used spearphishing tactics and Mimikatz to scope out the DNC network
  • Also used X-Agent and X-Tunnel for data exfiltration
  • Led to the indictment of 12 GRU officers in 2018
SLIDE 9

KANTIANISM

  • First formulation
      • Not disclosing a breach is a lie by omission
      • Prompt disclosure is required by law
  • Second formulation
      • Obligated to inform consumers of data compromise
      • Not doing so implies a lack of respect for customers, therefore using them as a means to an end

SLIDE 10

ACT UTILITARIANISM

  • Prompt disclosure is the ethical move
  • Implies the company is acting in good faith for the benefit of everyone, not just themselves
  • Not disclosing a breach fails the Utilitarian Calculus

SLIDE 11

RULE UTILITARIANISM

  • In all 50 states prompt disclosure is required by law
  • Informing the public of a breach should not be determined by pros and cons
  • Disclosure should not be clouded by bias and any implied gain derived from keeping information from the public

SLIDE 12

VIRTUE ETHICS

  • The ideal virtuous person would inform the public of a data breach
  • Breaking a non-disclosure agreement when it is in the public’s best interest is considered virtuous

SLIDE 13

Thanks for coming to my talk.