...receiving the above statement in the form of a letter, stating you owe thousands of dollars, that you personally did not get the luxury of spending. How would you repay the newly collected debt? Who would you seek to help settle this? Perhaps you would go to the company that had their system breached? Companies should be held liable for losses sustained in a successful attack made on their accounting information system (AIS) by outside sources. Identity theft is defined as “the unauthorized use or attempted misuse of an existing credit card or other existing account, the misuse of personal information to open a new account or for another fraudulent purpose, or a combination of these types of misuse” (statisticbrain). In 2013, identity theft has caused 11,571,900 $24,700,000,000 was the total financial loss attributed to identity theft in 2013 (statisticbrain). Hackers thrive on stealing an individual’s personal information and doing as they please, but what if your information was stolen from a source you put complete faith in? Retailers store all of their customers’ information in a database known as an accounting information system (AIS). By definition, accounting is an information system, since an AIS collects, records, stores, and processes accounting and other data to produce information for decision makers (Romney & Steinbart). No one is supposed to have access to this unless authorized by the company; however, that is not always the case. Company firewalls are broken...
Words: 705 - Pages: 3
...AN INFORMATION SYSTEM SECURITY BREACH AT FIRST FREEDOM CREDIT UNION Introduction The case is about an information system security breach at First Freedom Credit Union, a financial institution in the Southern part of the United States. First Choice Credit Union (FFCU) has seven branches located throughout the metropolitan area. One branch is located at the FFCU headquarters. Most employees at the FFCU have at least 5 years of service. The credit card information of 200,000 members has been stolen. This is highly sensitive information and it puts the members at critical risk. The security breach might cause loss of finances and other disturbances. Frank Sanders, the CEO of FFCU, called a conference with all the executives of the FFCU. The nature of the conference was to discuss a security breach, one that affected card member credit card numbers and personal information. Frank was uncertain if the breach had affected all members’ information or a portion. However, Frank was aware that fraudulent activity had already taken place on some accounts. Due to the fraudulent activity that had transpired, Frank had canceled all current credit cards and was sending out replacement cards. Jaime O’ Dell, the chief information officer (CIO), was appalled because nothing had ever happened like this since his tenure with the company. Jaime felt the firewall being used was the top of the line, virus protection was updated daily and an intrusion detection system that would alert...
Words: 2842 - Pages: 12
...Name: Sampson Amoako Mensah Course: CSC-781 Instructor: Dr. Yen-Hung (Frank) Hu Topic: Target Security Breach Case Study Abstract This paper identifies the issues that caused Target’s security breach. It also discusses the events that led to the breach, identifies potential causes of these events, who was affected and how consumers reacted, the extent of the breach, and provides ways to address these events in addition to addressing risk management and data recovery for future occurrences. An Overview of the Breach In the days prior to Thanksgiving 2013, malware was installed on Target’s security and payment system, designed to steal credit cards that come across the system. This malware targeted all the 1,797 stores owned by Target in the United States. The malware was coded to pick up credit cards that were swiped at the register and stored on a server controlled by the hackers. Federal enforcement officials contacted Target on December 12 to alert them of the breach. Target responded in three days to confirm the breach. Target reported about 40 million credit cards were stolen; about 70 million personal records were also stolen. Events Leading to Breach Businessweek reports that hackers used the credentials of an HVAC vendor to get into Target’s network, and spent several weeks installing the malware. Hackers then sent the malware to the 1,797 stores owned by Target and got them installed on cashier stations, the malicious codes, will...
Words: 588 - Pages: 3
...Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Case Study: Critical Controls that Could Have Prevented Target Breach In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. Copyright SANS Institute Author Retains Full Rights GIAC (GSEC) Gold Certification Author: Teri Radichel, teri@radicalsoftware.com Advisor: Stephen Northcutt Accepted: August 5th 2014 Abstract From what is known about the Target breach, there were multiple factors that led to data loss: vendors were subject to phishing attacks, network segregation was lacking, point of sale systems were vulnerable to memory scraping malware and detection strategies employed by Target failed. A possible solution for preventing and mitigating similar breaches using a defense in depth ...
Words: 8983 - Pages: 36
...Consulting Company is a team of professional project managers, who are hired to assist organizations with known network integrity issues after a cyber attack or data breach. The Green Team is an investigative firm that specializes in a high quality, detailed analysis of the breach, development of a project mitigation plan, evaluation of any legal implications that may result in the future, and implementation strategies of new systems and workflows that will ensure future network security. Walter Harris, the Chief Operations Officer of the Food and Drug Administration or FDA, has contracted with the Green Team after a critical data breach that exposed confidential information. The data that was exposed includes but is not limited to: employee records, new pharmaceutical drug proposals, clinical trial results, and complaints filed about products the FDA regulates. The three main goals of this project will be to target the cause of the data breach, review the consequences this breach will have on vendors, employees and products that were exposed, and implement upgrades, patches, or new software and procedures within the FDA to ensure prevention of the issue in the future. In the Discovery phase of this project, Green Team members on the Data Breach Resolution team will begin the investigation as to why and how this breach may have happened. The goal in the Discovery phase...
Words: 2776 - Pages: 12
...Incident Response Plan Template for Breach of Personal Information Notice to Readers Acknowledgments Introduction Incident Response Plan Incident Response Team Incident Response Team Members Incident Response Team Roles and Responsibilities Incident Response Team Notification Types of Incidents Breach of Personal Information – Overview Definitions of a Security Breach Requirements Data Owner Responsibilities Location Manager Responsibilities When Notification Is Required Incident Response – Breach of Personal Information Information Technology Operations Center Chief Information Security Officer Customer Database Owners Online Sales Department Credit Payment Systems Legal Human Resources Network Architecture Public Relations Location Manager Appendix A MasterCard Specific Steps Visa U.S.A. Specific Steps Discover Card Specific Steps American Express Specific Steps Appendix B California Civil Code 1798.82 (Senate Bill 1386) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Gramm-Leach-Bliley Act (GLBA) Appendix C Escalation Members (VP Level of Management) Auxiliary Members (as needed) External Contacts (as needed) Notification Order Escalation Member Notification List Notice to Readers Incident Response Plan – Template for Breach of Personal Information does not represent an official position of the American Institute...
Words: 8476 - Pages: 34
...Atlanta-based processing firm had a data breach which was first announced in April of 2012. Global Payments serves as a middleman between merchants and banks and processes payments for Visa and MasterCard. It is one of the world’s largest electronic transaction processing companies. This security breach may have compromised millions of debit and credit cards. According to Brian Krebs, this shady activity was discovered in early March, though the break is suspected to have occurred between January 21 and February 25. The Global Payments stock fell more than 9 percent on news of its involvement in the data breach before trading on it was halted about noon. Both MasterCard and Visa were quick to assure customers that their own systems remained safe and that they had alerted banks to any potential problems. Global Payments said it had determined early March that “card data may have been accessed.” It said the company officials immediately contacted federal law enforcement, brought in information technology forensics experts to investigate and notified “appropriate industry parties to allow them to minimize potential cardholder impact.” “It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Global Payments chief executive Paul Garcia said. Visa and MasterCard determine the extent of a possible security breach at a third-party vendor that experts...
Words: 1232 - Pages: 5
...data storage options for the industry will be discussed along with the functions and which provides the best possible support for the industry overall. Cyber Security in Business Organizations 3 Due to the increased use of information and communication technologies in business organizations today, the incidents of computer abuse have increased exponentially. It has become increasingly difficult to protect customer information and company assets. Some of the security challenges business organizations have when it comes to breaches include the following: unauthorized users get access to computer systems and disclose confidential information, unauthorized users change the information held in computer and server systems, unauthorized users copy information that resides in a computer system or while the data is in transmission mode. “Herley In many forms of non-financial cybercrime the attacker succeed once he gains access. Often getting the celebrity’s password, control of the Webserver, or the file of customer records is the end; once he is in he is done. A few...
Words: 1200 - Pages: 5
...members are scurrying around to find out what happened and why. They question each other as to what caused the data breach, how do we fix it, who is responsible, and do we notify our customers, investors, and shareholders. At Flayton’s, there has been a possible data breach. Their main concern tramples on what is their obligation to their customers to protect their private data. Next, they want to know how to notify their customers of the potential security breach. Then, they want to know if Flayton Electronics’ brand has been damaged by the security breach. Finally, Flayton needs to put in place procedures to prevent future security breaches. Evaluate the obligation Flayton Electronics has to its customers to protect their private data. Flayton Electronics must do everything in their power to protect their customers’ private data. Flayton had implemented a PCI system; however, the system was only running at 75% when it should have been at 100%. There was also a problem with their firewall. Sergei stated that they had to keep turning the system on and off because of glitches. The American Heritage Dictionary (2012, No.2) states a firewall as, “Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.” In order for a PCI system to run effectively and efficiently, a firewall must be installed and maintained. In Flayton’s case, the firewall was...
Words: 1706 - Pages: 7
...Information Security Detroit Hospital Security Breach CMGT441 John Ebel May 18, 2014 Information Security Detroit Hospital Security Breach Security breaches can be detrimental to any company, especially if the breach brings out sensitive information belonging to individuals. Sensitive information is as simple as a name, dates of birth, personal records, or any other type of personal information that is able to be used by someone to defraud any other individual or a business. The impacts of such a security breach like the one that occurred at the Henry Ford Health Systems hospital in Detroit, Michigan when a laptop was used to store data that was compiled on a spreadsheet that was not encrypted. This is just one example, though there were a few incidents at this hospital where data was stolen. Incident Background A laptop was stolen from an office at the Henry Ford Health System hospital. The laptop did contain password protection software, but it was standard protection that could easily be broken by anyone that knew their way around a computer slightly. The information on the laptop didn’t include social security or health insurance information, but it did have “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). The laptop is thought to have had about 4,000 patients’ information, and all records were related to services that were done over the past eleven...
Words: 948 - Pages: 4
...Opportunities LAW/531 Introduction Contracts are a binding, critical part of any business deal between two or more parties. Because of the binding promise between these parties it is important that the contract is clearly worded, negotiated if need be, and reviewed before it is signed by all applicable parties. Cheeseman (2010) stated “A contract is a promise or a set of promises for the breach of which the law gives a remedy or the performance of which the law in some way recognizes a duty” (Chpt 9, Para 2). The following Memo will identify the legal issues presented in the Contract Creation and Management Simulation as well as identify what a manager may do to avoid these risks and minimize liabilities. Business Memo -- Confidential TO: Project Leadership Team Span Systems – Kevin Grant, Harold Smith FROM: Mike Myers, Project Manager Span Systems DATE: 03/20/2011 SUBJECT: Contract Risk and Opportunities between Span Systems and Citizen-Schwarz AG CC: Board directors The one-year contract written between Span Systems (Span) and Citizen-Schwarz AG (C-S) to develop banking software has recently met with some serious concern regarding if it can remain intact as it currently stands. Recently Leon Ther, the IT outsourcing director of C-S, sent a letter stating that “C-S cannot afford scheduled slips because of its deadlines for the release of transaction software in the market” (Simulation, 2011). In the...
Words: 1427 - Pages: 6
...The article, Hackers Steal Card Data from Neiman Marcus, was written in an attempt to inform readers of the incident regarding a data breach attack that occurred at Neiman Marcus, the high end brick and mortar retail store, which was detected in mid-December. In response to inquiries about a data breach which involved consumers’ payment card information, Neiman Marcus acknowledged that it is working with the United States Secret Service to investigate a breach that has exposed an unidentified number of customers (Krebs, 2014). Krebs’ sources from the financial industry reported that there have recently been a rising number of fraudulent payment card charges that were occurring at numerous stores; however, the common point of purchase for the fraudulent activity was at Neiman Marcus. The author then proceeded to contact Neiman Marcus, seeking confirmation of if there was a breach or not. Ginger Reeder, Spokesperson for Neiman Marcus, explained that a lot of the information on the breach is unknown, because the forensics team that was hired has not completed their investigation on the breach; however, she mentioned that there is no evidence that online customers were also affected by the data breach. Eventually Neiman Marcus released a formal disclosure which notified clients that the company was contacted by its credit card processor to notify them that there was a possibility of fraudulent payment card activity that occurred subsequent to client purchases at their stores. Neiman...
Words: 2330 - Pages: 10
...Target Credit Card Breach It was the holiday season of 2013. It is the busiest time of the year for retail. Everybody is pretty much out and about doing their Christmas shopping for their families and friends. Lots of people, especially women, don’t carry a lot of items on them when they go shopping. Bank debit cards have replaced the checkbook and cash because people don’t want to carry cash or a checkbook when they go out shopping. They only want to carry their driver’s license, a bank card, and a credit card or two. While carrying less can be more convenient for people, it’s not always a safe thing to do. People are not aware that making purchases with a credit card or a bank card can have some repercussions. Today’s technology for making purchases is great because it’s quicker and more convenient but at the same time it can be dangerous in the wrong hands. It happened with Target, which is the 2nd largest discount retailer in the country behind Walmart. In December of 2013, right in the middle of the holiday season, Target announced that there was a data breach involving millions of credit and debit card records. The breach may have taken place between November 27 and December 15. It is unknown which Target locations in particular were affected by the data breach. It was assumed that all Target locations were impacted and involves the theft of data stored on the magnetic stripe of cards used at the stores. Hackers stole personal information including names, phone...
Words: 657 - Pages: 3
...Two outstanding issues that could ensue are those of breach and frustration of a contract. A breach is an infraction of either the law or an obligation created through a contract (Bullon, 2003). A breach of contract arises when there is a violation of a contractual obligation through failure by a party to perform their own promise, or by repudiating the agreement, or even an interference with another party’s performance of their obligations (Garner, 2004). Breach of contract arises because Big Bank would be claiming that Systems Inc failed to honour their obligations within the agreed timelines. Frustration of a contract arises when the circumstances in which the contract is to be performed change very drastically out of certain unanticipated factors (Hodgin, 2006). When a contract is frustrated, the party seeking to rely on the frustration gets their duties discharged so that the contract becomes terminated (Jackson, 2006). The contract only becomes frustrated where it is demonstrated that its performance is impossible, as opposed to being onerous in nature as was so asserted in Paradine v Jane (1647) Aleyn 26; Sty 47. Frustration arises as a defense for Systems Inc because the company would be seeking to purge off the blameworthiness for Big Bank’s decision to rescind the contract. To prove this, it is highly probable that Systems Inc would point out the fact that the inability to change the data fields arose from the impossibility to contact Glenda Givealot who was...
Words: 657 - Pages: 3
...agreement dispute between Span Systems, an e-banking software developer and their client Citizen-Schwarz AG (C-S), a German bank, financial institution whose main purpose of procuring the software is to enter the United States retail financial services market (UOPX Website). The simulation presented both sides of the dispute between these two companies. The most important issue is to settle the dispute amicably without terminating the contract. As observed on the simulation, eight months into the project, the client C-S was ready to end their agreement. Breach of contract under internal escalation procedure for dispute implemented as an amendment clause. The amended clause specified that both parties should establish a specialized committee to monitor the progress of the project. Citizen-Schwarz claims that Span Systems’ performance was below satisfactory and behind schedule. For lack of legal understanding, C-S believes that they have the right to have Span Systems’ unfinished work transferred over and terminate their contract. Span Systems claimed that the performance issues and project delays are a result of constant changes requested by Citizen-Schwarz in regard to creation of the transaction system. Span Systems also believes that C-S has violated the contract because the project has deviated greatly from the original. C-S was possibly trying to distribute Span Systems’ unfinished code to another software developer, which was another breach in contract violation. As in...
Words: 1238 - Pages: 5