In this lesson, I'll discuss how data breaches are exposed. This is going to be the video for your project for this course. So by the end of the video, I want you to be able to describe how data breaches are exposed and understand how to look at data breaches in order to determine what happened. Data breaches are exposed every day. There are many different ways that information comes out. We could have a watchdog agency. Not agencies in general, but like Wikileaks for example, is a great way that information is exposed. Law enforcement quite often exposes us. FBI, if you're in the United States the FBI exposes a lot of data breaches. Additionally, the Secret Service deals with data breaches as well. It's not just an arm of the White House, it's actually an arm of computer fraud investigation. And then the company themselves also have say that,"Well, I had a data breach, I'm going to tell you about it.". The initial discovery usually happens by employees of a company. That's about 50% of the time according to some figures. Other times it's law enforcement like the Secret Service or like the other government agencies out there. Sometimes it's from the customers themselves noticing specific data is either missing from their account or has been accessed when they didn't mean to access it or they weren't the ones accessing it. And some are by service providers themselves. We have to look at what's been compromised overall in order to understand the data breach. Quite a bit of the time, we see financial data being leaked or financial data being used in certain places that it shouldn't. So what happens when law enforcement starts to receive reports, they correlate all these events together and say, "Okay, this credit card was breached here, and this credit card was breached here. And here's another coincidence and here's another coincidence. But they all actually shopped at the same location on the same day, so we probably have an issue there.". Social Security numbers fraud, for example, there are ways to look at how fraud is happening such as there are plenty of like LifeLock for example or there are some other companies out there like AllClear ID does this kind of stuff. And they're looking at where Social Security numbers are being used or who's being offered credit, for example, to start pinpointing where data breaches might have been happening. We also could see usernames or passwords dumped out on the Internet. And then of course healthcare data. We could see health care data showing up online as well. And that indicates that there's been a data breach somewhere. So the exposure is happening either very privately and being used in several different places because it's been sold or it's being made public. So let's talk about one of the larger data breaches that's more recent. Back in 2013, Target, the corporation, was breached. Attackers had performed a lot of reconnaissance prior to the attack. They looked up information on Target's vendors. And the attackers actually breached one of the providers of services to Target. In this case it was a refrigeration equipment company that had back doors or actually access into their systems. So what the attackers did is they targeted the refrigeration company and sent phishing e-mails to gain access to the third-party provider's systems and then they used that information obtained from the third-party providers to get into the more sensitive areas of Target's network. And once they started infiltrating other servers and other services, they started, the data breach got larger and larger and larger. And finally, once all the pieces came together, the attacks started. On November 27 2013, the attackers finally crafted the malware, the credit card stealing information from the point of sale terminals or the POS systems to start stealing credit card information from all the terminals. In turn, our employees were actually notified by the Justice Department and employees notified back to the Justice Department around December 13. So that was two weeks. And in the United States that was Black Friday, the largest shopping day of the year. By December 15, the attack was mitigated. So here's what I want you to do for your project. I want you to look at data breaches such as the Target data breach. And I have a great website out there. It's called privacyrights.org. And what that does is it's a real clearinghouse for all the data breaches that are happening out there and it dates back years. But what I want you to do is look at the data breaches across three different types of areas and I want you to dig in and investigate what happened. And based on the criteria that's listed in Coursera under the project, I want you to cover each of the areas and understand here's how the attack actually happened, here was the threats, here is the mitigation strategy. But since this course is really focused on the threats, specifically in the Target data breach the threat came in from an external provider that had credentials into Target's systems. So, least privilege in this case broke down. It was a threat. So as you're going through the data breaches, keep in mind specifically the threats.
