CIA Triangle Review

  • Uncategorized

CIATriangle Review

Domino’sPizza

TheRex Mundi hack on Domino’s Pizza affected the confidentiality ofthe data in question. The privacy of the Belgian and French customerrecords was breached. The sensitive account information of over sixhundred thousand customers was to be left alone only if Domino’sPizza paid forty thousand US dollars. If not, the group would publishthe information on the internet. This act dents the data’sintegrity. Information leaked on the Internet can be tampered with byanyone who comes across the data. The data ranges from addresses,names, phone numbers, emails, and even favorite pizza toppings.

Thesuspension of the Rex Muindi Twitter account by Twitter is an exampleof unavailability. The hacking group could not access the sitesresources. This denial of service attack (DoS) was different, thisone was by an authorized body, the Twitter website administrators.

P.F. Chang’s

Justlike the Rex Mundi hack on Domino’s Pizza, this hack affected theconfidentiality of the customer data. The data was composed of theclient`s payment information. Chang’s did not release the number ofcards stolen, but thousands of credit and debit cards that were newlytaken were up for sale on the internet. Security journalist BrianKrebs said that this batch had numerous credit cards that were issuedto Chang’s customers, this was found to be true since the cardswere used at P.F. Chang’s restaurants.

Notonly was the privacy of the client’s records was breached but theintegrity of the customer payment information was also affected.

Thecriminals also hacked the point of sale machines at P. F. Chang’s.They recorded the credit and debit card data, this apparently madethe point of sale terminals unavailable and thus affected theiravailability. Chang’s then decided to use manual credit cardmachines to process payment transactions in its stores they laterupgraded to better “encryption-enabled terminals.”

MontanaHealth Department

TheMontana Health Department hack affected the confidentiality of thepatient and health department employee data. The breach hit 1.3million people although the damage extent is still unclear, thesewere individuals who had shared personal information with the MontanaHealth Department.

Despitenot knowing precisely if the attackers made off with any sensitiveinformation or if the attackers sold or used the account informationon the black market, the attack still breached the privacy of thepatient’s and employees. The records included their medicalinsurance records, Social Security numbers, birth certificates,medical records, names, addresses, and their banking information.

Ebay

TheEBay hack in May affected the confidentiality of two hundred andthirty-three million users. Their personal data ranging from theirphone number, username, password, and even physical addresses wereattacked. Their sensitive information was in the wrong hands. They,however, told their users to modify their passwords while reassuringthem that their monetary information was not affected. The monetaryinformation was stored separately and encrypted.

TheSyrian Electronic Army alleged responsibility for the attack. The SEAclaimed that what they did was a “hacktivist operation” and thatthey “didn’t do it to hack people’s accounts”, but since thehack affected the user’s username and password further concernspoint to the eBay user’s vulnerability to identity theft. This actis a direct attack on the integrity of the data. The data can nolonger be trusted to deliver consistent and accurate service.

MorganStanley

Anemployee stole the account numbers, names, and transaction data onthree hundred and fifty thousand clients of Morgan Stanley’s wealthmanagement arm the crook planned on selling the data. This actdirectly affected the confidentiality of the data. The customer’sprivacy would be breached the instant the data is sold. Nine hundredcustomers had their sensitive information leaked on the internet.This leak was what brought the entire hack to light.

DespiteMorgan Stanley claiming that there is no evidence that the databreach resulted in losses to customers, the data’s integrity isalso questionable. An unnamed source confirmed that the informationwas displayed for a brief period on the site, and the site had anunspecified number of hits during this time. The data could have beenaltered since it was leaked on the internet public domain. With suchinformation on the loose, identity theft is bound to rise. Just likewith the eBay hack, users should alter their passwords to preventunauthorized access to their personal information, in future MorganStanley should invest in better internet security methods like dataencryption and access controls. (Yeboah-Boateng,2013)

Chick-fil-Acredit card breach

Chick-fil-Athrough a public statement claimed it discovered &quotunusualactivity&quot on originating from a limited number of payment cardsused at a few of their restaurants.

The“limited number of suspicious card transactions”, however, is notso small. A source said the alert had close to nine thousand cards.This enormous breach affected both the confidentiality of the dataand its integrity. Over nine thousand cards had lost their integritysince the cards were used to pay for transactions at the restaurantchain

References

Yeboah-Boateng,E. O. (2013).&nbspCyber-SecurityChallenges with SMEs in Developing Economies: Issues ofConfidentiality, Integrity &amp Availability (CIA).Videnbasen for Aalborg UniversitetVBN, Aalborg UniversitetAalborgUniversity, Det Teknisk-Naturvidenskabelige FakultetThe Faculty ofEngineering and Science, Institut for PlanlægningDepartment ofDevelopment and Planning.

Close Menu