I have never experienced a breach of organizational data or an information system. However, I know of a case where some sensitive data from a facility in my region was breached. So, I will use this case instead, but I will not mention the name of the organization or describe those who were affected in detail.
How it happened: Identifiable information, including the person’s full name, parents’ names, national registration number, and estimated location, was breached by a malicious user, and those data were shared publicly through social media, including Facebook. An investigation committee was established and found that an executive member of the information system had shared the data with one of the staff through a social messaging application for some matter. However, the end user forwarded it to someone outside the organization who was seeking that information and used it to blackmail and discredit the organization.
The impact: It led to a flood of messages from the affected persons and a temporary shutdown of the whole facility. Even though the investigation committee found the culprit who forwarded the message to the person outside the organization and held that person accountable, the image of the organization was shattered, many people stopped using the facility, and this finally led to the closure of the facility.
How to prevent it: Firstly, sending messages across social media without any encryption should be avoided. Additionally, raw data containing sensitive information should not be sent without proper security protocols. Both the primary sender and the culprit who forwarded it to the malicious person are responsible in this case. Secondly, it highlights that the organization itself is responsible, as it did not have a proper security protocol or data-sharing policy. So, to prevent this type of incident from happening, we need to keep in mind the importance of having security protocols and a data protection policy, limiting access to information, and sharing only the minimum information necessary. Organizations as well as their members should be aware of those protocols and procedures when sharing sensitive information. Providing sessions on digital security and policy briefings is also an effective way to prevent such incidents from happening again.