Read Breach Report
Organizations that experience security breaches sometimes release public reports aimed at helping the wider security community understand what happened and hopefully learn from the experience. These reports are sadly not common, but they are very interesting and educational to read.
Steps
- Pick a data breach report to read. The following are good options, but you can pick any you like:
  - British Library - October 2023 breach
  - Troy Hunt’s write-up of the Disqus Data Breach
  - Heartland Payment Systems - August 2009 breach, written by the Federal Reserve Bank of Philadelphia
  - US FTC charges against Snapchat (Counts 1, 2, and 6) - technically this is a legal document, but it has lots of technical details.
- Read the Executive Summary or Introduction and at least one other section.
- Optionally, you can search for the breach in the news if you are not already familiar with it.
- Complete the self-reflection questions.
Reflection questions
- State what data breach report you read.
- What attack was used in the breach?
- What did you learn about how attackers hack companies?
- What did you learn about how defenders protect companies?