Running Header: Computer Security Breaches

Assignment 4 Computer Security Breaches Case Study Evaluation Paper


Ashleigh Fetter
27 December 2016
University of Alabama
CS 391-908
Dr. Becky Bartel

Computer Security Breaches Case Study Evaluation Paper


Introduction
A security or data breach is an incident in which sensitive, protected or
confidential data has potentially been viewed, stolen or used by an individual
unauthorized to do so (Rouse, 2010). Large security breaches in recent years
include multiple breaches at Yahoo, in which the information of more than one
billion accounts was compromised. A smaller data breach in April this year
leaked the data of 15,000 expectant parents at the National Childbirth Trust.
A data breach is always a major event, and responding to one involves working
out why it happened and how to prevent it from happening again.
Security Breach One: Yahoo
Who was affected and what happened?
In September of 2016, it was announced that the accounts of over 500 million
Yahoo users were hacked in 2014. More recently it was announced that in 2013 a
different attacker compromised more than one billion accounts. The compromised
accounts included a large amount of sensitive user information, including but
not limited to names, numbers, birthdates, passwords, and security question answers.
How was it done?
The breach is still under investigation, though it is believed that a government
conducted it and that the hacker found a way to forge credentials to log into
accounts without passwords. They apparently stole Yahoo's proprietary source code.
With the code, it is believed, the hackers created forged cookies, which got them
into accounts without passwords and allowed them to impersonate the victims. Yahoo
does not know who was behind the attack. In my opinion, the type of perpetrator was
most likely a hacker, because this perpetrator seemed to test the limits of the
system and gain information. This happens often, but the risk level is minimal.
What could have prevented it?
Security was not a top priority for Yahoo before these two incidents, and it clearly
should have been their very top priority. Having such big databases with tons of
information makes companies like this more susceptible. Yahoo may still have a
vulnerable spot that needs to be fixed for security breaches to be prevented in the future.
What steps did the responsible parties take afterwards?
Since the breach was not announced until years after the occurrence, Yahoo was
slow to adopt aggressive security measures (Goel and Perlroth, 2016). Yahoo did advise
all users to change their passwords and the passwords of accounts tied to their Yahoo
account. They also began working with top security executives to enhance their security.
Security Breach Two: National Childbirth Trust
Who was affected and what happened?
The National Childbirth Trust (NCT) revealed that they had a data breach that
compromised the information of 15,000 new and expectant parents. Assurance was given
that their sensitive and financial information was not accessed.
How was it done? Could it have been prevented?
It is unknown how the hack happened. It is known that healthcare organizations
are at increased risk of cyber attacks because they may have access to sensitive
information that can be sold in the underground markets. The type of perpetrator was
most likely a hacker or cracker, because the resources were limited and no financial
information was stolen. Since it is still unknown how the hack happened, NCT has no
prevention policy published. Though we can assume that a higher amount of security
knowledge in the company and having more security technology in place would have
prevented a breach like this.
What steps did the responsible parties take afterwards?
The hack was reported to the police and the UK's data watchdog. The letter sent
to the affected parties advised them to change their passwords as soon as possible as
a precautionary measure. No major change within the company's security department was
reported in the article.
Conclusion
In conclusion, both big and small hacks are huge deals because they compromise
the security of people who had given the company information that they trusted would
not be seen by unauthorized people. Luckily, as seen above, there seem to have been only
minimal consequences in relation to these two data breaches.

References

Goel, V., & Perlroth, N. (2016, December 14). Yahoo Says 1 Billion User Accounts
Were Hacked. Retrieved December 28, 2016, from
http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
MacGregor, A. (2016, April 8). Childbirth charity hack leaks 15,000 expectant parents
data. Retrieved December 29, 2016, from
https://thestack.com/security/2016/04/08/childbirth-charity-hack-leaks-15000expectant-parents-data/
Rouse, M. (2010). What is data breach? - Definition from WhatIs.com. Retrieved
December 29, 2016, from http://searchsecurity.techtarget.com/definition/databreach
