The Link Below Lists 10 Of The Data Breaches That Have Occurred In 2018

The link below lists 10 of the data breaches that have occurred in 2018. Read through the list and select ONE of the cases listed. Write a 3-page paper that addresses: List and describe at least 3 items they did wrong. What mistakes were made in judgment regarding the vulnerability? What policies were not in place or were not followed? What solutions could be implemented? How would you implement them? How long did the company wait to inform the public? Legally, what are they required to do? How could this have been avoided? Use APA format. Cite your sources.

Paper for the above instruction

In 2018, the widespread data breach experienced by Facebook serves as a stark illustration of organizational vulnerabilities, misjudgments, and shortcomings in cybersecurity policies. This incident compromised the data of millions of users, revealing critical errors in security management and oversight. Analyzing this breach underscores the importance of stringent security measures, transparent policies, and prompt response strategies essential for safeguarding personal data and maintaining public trust.

First, one fundamental mistake made by Facebook was the failure to implement robust access controls on third-party applications. Cambridge Analytica was able to harvest data from up to 87 million users without explicit consent, highlighting a significant oversight in monitoring and controlling data access by third-party developers. Proper vetting, continuous monitoring, and restrictive permissions could have prevented such extensive data collection. This indicates that Facebook did not properly scrutinize the apps requesting access to user data, violating the core principle of least privilege—a key element in cybersecurity that minimizes data exposure to only what is necessary for the application's function (Gordon et al., 2019).

Second, Facebook’s incident revealed lapses in its data governance policies. The platform lacked strict enforcement of data minimization principles and failed to ensure that data collected was both essential and securely stored. The failure to establish and enforce comprehensive policies for data storage duration and access privileges made it easier for malicious actors or negligent insiders to misuse or inadvertently leak sensitive information. Implementing strict data governance frameworks, including encryption at rest and rigorous access controls, could have mitigated the scope of the breach (Bélanger & Carter, 2020).

Third, inappropriate judgment regarding vulnerability assessment played a role in the delayed response and disclosure. Facebook's initial response to the breach was slow and lacked transparency, which is critical in managing cybersecurity incidents. The platform waited for several weeks before notifying affected users, which violates best practices advocated by cybersecurity authorities. Prompt detection and transparent communication are essential to minimizing harm and increasing user trust. A robust incident response plan, coupled with continuous monitoring and real-time alerts, would have facilitated quicker detection and disclosure (Kim et al., 2018).

The solutions to these vulnerabilities involve a multi-faceted approach. First, conducting comprehensive risk assessments regularly could help identify potential vulnerabilities before exploitation occurs. Second, adopting advanced access controls and encryption methods would limit data exposure and protect against unauthorized access (Sommestad et al., 2019). Additionally, establishing clear policies for data minimization, secure storage, and prompt breach notification, aligned with regulatory standards such as GDPR and CCPA, is essential. The implementation of automated alerts for suspicious activities, combined with ongoing staff training on cybersecurity best practices, would further strengthen defenses.

Regarding implementation, Facebook could deploy multi-factor authentication for third-party app integrations, enforce strict vetting procedures, and build an internal audit system to monitor data access continuously. Regular staff training would heighten awareness of vulnerabilities and proper response protocols. Automated systems should be set up to detect suspicious activities, immediately alert authorized personnel, and trigger incident response processes. These measures would help reduce the window between breach detection and disclosure, ideally within 24 to 72 hours, aligning with best practices for breach response.
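Two of the controls argued for above, least-privilege scoping of third-party app access (the first mistake discussed) and a continuous data-access audit that flags suspicious collection, as an added Python example that is not part of this paper and does not describe Facebook's actual platform; the scope names, the consent data model, the `quiz_app` scenario and the flagging threshold are all assumptions.

```python
"""Consent-scoped third-party data access with an over-collection audit (added example)."""
from collections import defaultdict

# Consent scope covering each user field (assumed mapping, not a real platform API).
FIELD_SCOPE = {"name": "public_profile", "email": "email",
               "likes": "user_likes", "friend_list": "user_friends"}

class ConsentGateway:
    def __init__(self):
        self.grants = {}     # (user_id, app_id) -> set of scopes the user granted
        self.audit_log = []  # (app_id, user_id, released_fields, denied_fields)

    def grant(self, user_id, app_id, scopes):
        self.grants[(user_id, app_id)] = set(scopes)

    def fetch(self, app_id, user_id, fields):
        """Release only fields covered by this user's own grant to this app: one user's
        consent never covers another user's data, and out-of-scope fields are logged."""
        allowed = self.grants.get((user_id, app_id), set())
        released = [f for f in fields if FIELD_SCOPE[f] in allowed]
        denied = [f for f in fields if FIELD_SCOPE[f] not in allowed]
        self.audit_log.append((app_id, user_id, tuple(released), tuple(denied)))
        return released, denied

    def over_collection_report(self):
        """Per app: consenting users, users actually served, and non-consenting users the
        app asked about; probing more users than consented is flagged (assumed threshold)."""
        consenting, served, probed = defaultdict(set), defaultdict(set), defaultdict(set)
        for user_id, app_id in self.grants:
            consenting[app_id].add(user_id)
        for app_id, user_id, released, denied in self.audit_log:
            if released:
                served[app_id].add(user_id)
            if denied and user_id not in consenting[app_id]:
                probed[app_id].add(user_id)
        return {app: {"consenting": len(consenting[app]), "served": len(served[app]),
                      "probed_non_consenting": len(probed[app]),
                      "flagged": len(probed[app]) > len(consenting[app])}
                for app in set(consenting) | set(served) | set(probed)}

def demo():
    """Constructed scenario: two users consent to quiz_app, which then asks about three more."""
    gw = ConsentGateway()
    gw.grant("u1", "quiz_app", ["public_profile", "email"])
    gw.grant("u2", "quiz_app", ["public_profile"])
    gw.fetch("quiz_app", "u1", ["name", "email"])           # both released
    gw.fetch("quiz_app", "u2", ["name", "email", "likes"])  # only name released
    for user in ("u3", "u4", "u5"):                         # never consented
        gw.fetch("quiz_app", user, ["name", "friend_list"])
    return gw
```

The report is the signal an internal audit system would raise to reviewers: an app whose requests reach far beyond the users who actually consented to it is exactly the pattern the paper describes.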

Legally, Facebook is required under laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to notify affected users within specific time frames—usually within 72 hours of discovering the breach (European Parliament, 2016; California Legislative Information, 2018). Failure to do so can result in significant penalties, including fines and legal actions. Timely and transparent disclosure is crucial not only for legal compliance but also for maintaining consumer confidence and trust.

This breach could have been avoided with proactive security measures, rigorous policy enforcement, and a culture of security awareness. Conducting comprehensive risk assessments, implementing strict access control policies, and ensuring transparency and rapid response in breach scenarios could have significantly mitigated the damage. Furthermore, regular audits, staff training, and adherence to industry best practices would have fostered a security-aware organizational environment, preventing such breaches altogether.

In conclusion, Facebook’s 2018 data breach underscores the importance of diligent cybersecurity practices, proper policy enforcement, and rapid incident response. Organizations must prioritize data protection not only to comply with evolving legal requirements but also to uphold their reputation and trustworthiness. Proactive measures, including technological controls, policy frameworks, and staff awareness, are essential in creating resilient defenses against cybersecurity threats and minimizing the potential fallout from breaches.

References

Bélanger, F., & Carter, L. (2020). Data governance and security: Enhancing organizational trust. International Journal of Information Management, 50, 316-324.

European Parliament. (2016). General Data Protection Regulation (GDPR). Regulation (EU) 2016/679.

Gordon, L. A., Loeb, M. P., & Zhou, L. (2019). Implementing cybersecurity risk management. Communications of the ACM, 62(7), 68-74.

Kim, D., Lee, J., & Lee, S. (2018). Incident response in cybersecurity: A comprehensive review. IEEE Access, 6, 29526-29534.

Sommestad, T., Ekstedt, M., & Åberg, J. (2019). Security controls and risk management in organizations. Information Systems Journal, 29(4), 731-758.