Recently in October 2016, it was reported that there was a personal date breach in the Red Cross Blood Service, affecting half a million donors. (Red Cross Blood Service admits to personal data breach affecting half a million donors, 28th of October 2017, retrieved from http://www.abc.net.au/news/2016-10-28/red-cross-blood-service-admits-to-data-breach/7974036)
A file containing personal information was accessed in a insecure computer environment by an unauthorised person resulting in the personal information being leaked. The Red Cross Blood Service swiftly took action and contacted the Australian Cyber Security Centre and the Australian Federal Police, briefing them on the situation that had occurred and they shut it down as quickly as possible. The Red Cross expressed its “deep disappointment” and allowed donors at a potential risk to call a hotline to express their concerns.
It is imperative that all websites containing personal information are extremely careful in their privacy and security as if any leaks occur people can become at risk. Particular for blood donors, they must provide personal information so have no choice but to trust the privacy practices of the Red Cross. Therefore it would be good practice to ensure that authentication is limited to very few people within the organisation and have extensive security, such as high quality passwords or retina scanners in place to ensure that no one else can access this information, even in the unlikely case of human error.
The Data Mining Corporation (DMC) which collects data about individuals from hundreds of sources from sources including insurance companies, retail chains, media conglomerates, credit-reporting agencies, mobile phone companies, law enforcement agencies, customs and immigration authorities, and intelligence agencies. Once data is obtained, it then sells the aggregated data back to many of those sources.
DMC undertakes a regular monthly audit of data processing activity. However during the most recent audit, it was discovered that there had been a second back-up of data immediately after the first. This is extremely unusual, especially considering that the three staff were responsible for doing the regular back-ups that night have disappeared and cannot be tracked, even with the AmI tracking systems. Perrier, vice president for security said “The snag is that they were authorized. Quite a few employees have partial access, so if three or four with access to different bits collaborate, as these three appear to have done, they are able to get virtually full access to the data.”
From the scenario is can be concluded that DMC has been hacked by three employees due to them all receiving authorisation to access different parts of their security base, however when does simultaneously, all information could be accessed at once. However, DMC decided to hide this from the police, ultimately resulting in their downfall and legal case against them.
Ambient intelligence (AmI) refers to electronic environments that are sensitive and responsive to the presence of people. Technology is designed to support people in carrying out their general life activities, tasks and rituals.
The DMC business clearly makes a lot of money by the resale of personal information, especially considering their listing on the New York and London stock exchange, and plans in place to be registered on the Tokyo stock exchange. The officers who accessed DMC’s data base clearly had a plan to take down DMC. Their motivation is unstated however conclusions can be drawn that they wanted to take down the company, and cubically show what the company is doing illegally. Through accessing the personal informations and accounting for a second audit, they may have stolen the information then sold it to other sources to show of the seemingly illegal practices being conducted by DMC, forcing the company to crumble. The three officers knew that, if they could escape to countries without AmI technologies they could not be tracked by DMC.
DMC is clearly a market leader in obtaining personal information from individuals within the UK and US. A real life example of a company that withholds large amounts of AmI and personal information would be the Australian Bureau of Statistics.
The impact of the digital divide would be huge, completely crushing DMC and forcing a legal case upon them. No doubt that DMC did not expect this from their ‘trusted’ employees, however if they receive authentication to access these files this is an example of a serious issue that can occur.