2173 Salk Avenue, Suite 250 Carlsbad, CA

support@assignmentprep.info

How did this breach occur?

September 11, 2021
Christopher R. Teeple

Overview
In this module, you learned about some of the common attacks affecting businesses and organizations and the defenses they must put in place to reduce the risk to their systems and to any private information that should not be publicly accessed. Security controls take many forms and can be categorized into three main groups: administrative, technical, and physical controls. As you also learned, you can have a control in each group protecting the same asset, meaning you have layered your defenses.
In this activity, you will read about how First American Financial Corporation (FAF) exposed over 85 million records on its public website in 2019. Not only were these records exposed, but the company was not aware of the breach until it was notified by renowned security expert Brian Krebs.
For this week’s activity:
Read the case study and the articles provided in the Supporting Materials section.
Consider ways in which First American Financial Corporation could have proactively defended against the record breach.
Respond to the provided case study questions.
Prompt
Case Study: In 2019, one of the largest data breaches in history occurred when First American Financial Corporation, a real estate title insurance company, exposed over 885 million records on its public website. Included in these records was information such as Social Security numbers, bank account information, images of driver’s licenses, mortgage statements, tax documents, and wire transfer records dating all the way back to 2003. The company was not aware of the problem until it was notified by security expert Brian Krebs, an outside source.
A real estate developer outside of FAF first noticed this concern when they found that anyone who knew the URL for a valid document could then access any other document simply by changing a number in the URL. The company’s website, firstam.com, was leaking hundreds of millions of private documents not intended to be viewed by just any user. This means that any individual who had previously been emailed a link from FAF could possibly gain access to a plethora of sensitive and private documents. No authentication was required in order to access these documents, nor were they protected in any other way. This left a lot of personal and private information exposed for those with malicious intent to use in nefarious ways, for example, identity theft.
When FAF was notified of the breach, it shut down its website and immediately conducted an internal review. The initial findings noted that there was a “design defect in an application that made possible unauthorized access to customer data” (Newman, 2019). The identified defect could be referred to as a business logic flaw, which is “a category of vulnerabilities specific to an application and business domain . . . [It] allows an attacker to misuse the application by circumventing the business rules of the application” (Conikee, 2019). Only a user with an appropriate link would be able to access these documents. However, a user would not be asked to verify their identity. Therefore, access was easy and unauthenticated.
References
Conikee, C. (2019, July 26). 3 takeaways from the First American Financial breach. DarkReading. https://www.darkreading.com/breaches/3-takeaways-from-the-first-american-financial-breach/a/d-id/1335278
Newman, L. H. (2019, May 24). Hack brief: 885 million sensitive financial records exposed online. Wired. https://www.wired.com/story/first-american-data-exposed/
Supporting Materials
These articles will provide you with greater insight into the scenario provided and help you prepare for your response to the case study questions:
Hack Brief: 885 Million Sensitive Financial Records Exposed Online
3 Takeaways from the First American Financial Breach
Understanding the First American Financial Data Leak: How Did It Happen and What Does It Mean?
Guidelines for Submission
Security professionals should take the time to reflect on past incidents in order to prevent similar problems from occurring. Respond to the case study questions below related to the Module Two case study. Your submission should be 1 to 2 pages, double-spaced, and submitted as a Word document (.docx). Resources must be appropriately cited using APA style. You are allowed, although not required, to use resources outside of those provided within Module One, Module Two, and the Supporting Materials section.
Your responses should be in complete paragraphs and should contain the following:
Answer all of the case study questions thoroughly and completely. Write out the questions in your submission.
Make direct connections between the issues identified in the case study and the concepts covered in the provided resources in Modules One and Two, as well as the Supporting Materials.
Support your answers with appropriate examples and facts drawn from the case study.
Use correct grammar, sentence structure, and spelling, and demonstrate an understanding of audience and purpose.
Case Study Questions
How did this breach occur? Briefly summarize the incident.
Which pillars of the CIA triad were explicitly violated, given the scenario?
What kinds of security controls could First American Financial Corporation have put in place to defend against this kind of data breach? Why
https://www.wired.com/story/first-american-data-exposed/
https://www.darkreading.com/attacks-breaches/3-takeaways-from-the-first-american-financial-breach
https://www.forbes.com/sites/ajdellinger/2019/05/26/understanding-the-first-american-financial-data-leak-how-did-it-happen-and-what-does-it-mean/?sh=7c3fe033567f

Struggling With a Similar Paper? Get Reliable Help Now.

Delivered on time. Plagiarism-free. Good Grades.

What is this?

It’s a homework service designed by a team of 23 writers based in Carlsbad, CA with one specific goal – to help students just like you complete their assignments on time and get good grades!

Why do you do it?

Because getting a degree is hard these days! With many students being forced to juggle between demanding careers, family life and a rigorous academic schedule. Having a helping hand from time to time goes a long way in making sure you get to the finish line with your sanity intact!

How does it work?

You have an assignment you need help with. Instead of struggling on this alone, you give us your assignment instructions, we select a team of 2 writers to work on your paper, after it’s done we send it to you via email.

What kind of writer will work on my paper?

Our support team will assign your paper to a team of 2 writers with a background in your degree – For example, if you have a nursing paper we will select a team with a nursing background. The main writer will handle the research and writing part while the second writer will proof the paper for grammar, formatting & referencing mistakes if any.

Our team is comprised of native English speakers working exclusively from the United States. 

Will the paper be original?

Yes! It will be just as if you wrote the paper yourself! Completely original, written from your scratch following your specific instructions.

Is it free?

No, it’s a paid service. You pay for someone to work on your assignment for you.

Is it legit? Can I trust you?

Completely legit, backed by an iron-clad money back guarantee. We’ve been doing this since 2007 – helping students like you get through college.

Will you deliver it on time?

Absolutely! We understand you have a really tight deadline and you need this delivered a few hours before your deadline so you can look at it before turning it in.

Can you get me a good grade? It’s my final project and I need a good grade.

Yes! We only pick projects where we are sure we’ll deliver good grades.

What do you need to get started on my paper?

* The full assignment instructions as they appear on your school account.

* If a Grading Rubric is present, make sure to attach it.

* Include any special announcements or emails you might have gotten from your Professor pertaining to this assignment.

* Any templates or additional files required to complete the assignment.

How do I place an order?

You can do so through our custom order page here or you can talk to our live chat team and they’ll guide you on how to do this.

How will I receive my paper?

We will send it to your email. Please make sure to provide us with your best email – we’ll be using this to communicate to you throughout the whole process.

Getting Your Paper Today is as Simple as ABC

No more missed deadlines! No more late points deductions!

}

You give us your assignments instructions via email or through our order page.

Our support team selects a qualified writing team of 2 writers for you.

l

In under 5 minutes after you place your order, research & writing begins.

Complete paper is delivered to your email before your deadline is up.

Want A Good Grade?

Get a professional writer who has worked on a similar assignment to do this paper for you