|
Post by juthi52943 on Jan 5, 2024 18:20:47 GMT -10
The attack was detected one month after the code was installed. What should you do? Due to the risk, it should be documented internally, reported to the supervisory authority and notified to data subjects. The authors of Guidelines / indicate that in such a situation, the administrator should first determine the type of attack in order to assess what measures he should take. In this particular case, the type of breach was a risk-increasing Job Function Email List factor because not only was data confidentiality compromised, but the attacker also had the means to make changes to the system consequently, data integrity also became questionable. The nature, sensitivity and quantity of personal data affected by the breach should be assessed to determine the extent to which data subjects have been affected by the breach. While this did not impact any specific categories of personal data, access to data contains a significant amount of information about individuals from web forms, and such data can be misused in many ways unsolicited marketing targeting, identity theft, etc., so the severity of the consequences should increase risk to the rights and freedoms of data subjects.
|
|