Page 103 - Cyber Defense eMagazine June 2024
P. 103

Data Spillage Incidents

            Facebook-Cambridge Analytica Data Spill

            In 2018, data of up to 87 million Facebook users was inappropriately shared with Cambridge Analytica
            (a defunct political consulting firm) for political profiling. This data spill led to investigations by regulatory
            authorities, public outrage, and heavy damage to Facebook’s prestige.

            Causes: It happened due to Facebook’s permissive data privacy policies, insufficient monitoring of third-
            party app developers, and deficiency in complying with data protection regulations.

            Learnings:  Facebook  enhanced  user  consent  mechanisms  and  strict  data  privacy  regulations  and
            applied greater transparency in data-sharing activities.

            Data Spillage at National Security Agency

            On 12th May 2013, former NSA contractor Edward Snowden spilled classified documents to journalists,
            revealing  the  surveillance  programs  of  the  NSA  and  its  international  partners.  It  became  the  most
            significant  (NSA)  leak  in  history.  The  leak  exposed  the  data  of  millions  of  individuals  from  mass
            surveillance activities worldwide.

            Causes: The data got leaked because of human error, that is, Edward Snowden leaking the information.

            Learnings: After the incident, the NSA applied severe data safety measures with an effective chain of
            command and accountability.



            Panama Papers Leak

            This data leak incident happened in 2016. Around 11.5 million documents were leaked from Mossack
            Fonseca (a Panamanian law firm), exposing the financial dealings of notable individuals and entities
            worldwide. The documents revealed offshore funds and shell companies used for tax evasion, money
            laundering, and other crimes.

            Causes: Lenient internal controls and deficient data security measures caused this data spillage.

            Learnings: Many learnings can be extracted, such as encryption of sensitive information, the importance
            of strict data management, and regular security checks to prevent unauthorized disclosures.



            NASA Laptop theft

            Another  example  of  human  error  in  data  spillage  happened  in  2011  when  an  unencrypted  laptop
            containing  the  personal  information  of  over  10,000  NASA  employees  was  stolen  from  a  NASA
            employee’s car. It contained PII (personally identifiable information), including Social Security numbers
            and command and control codes for the International Space Station.







            Cyber Defense eMagazine – June 2024 Edition                                                                                                                                                                                                          103
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   98   99   100   101   102   103   104   105   106   107   108