A user has reported inadvertently sending an encrypted email containing PII to an incorrect
distribution group. Which of the following potential incident types is this?
A.
Data sharing
B.
Unauthorized viewing
C.
Data breach
D.
Unauthorized access
This would be data breach, because if unauthorized viewing was correct, then by that standard, unauthorized access is also correct because now that company has access to those files.. SO the answer most definitely is Data Breach.
0
0
I agree. It’s Data Breach
0
0
I agree. The answer most definitely is Data Breach for the reasons above explained.
In addition to that, the user sent the encrypted email to recipients who could actually decrypt it. This means that the recipients had the proper keys to view the emails content, hence they were in fact authorized to view it.
Also, authorization to read the content is implied by the sheer fact that the user sent the email in the first place. (Why send an email to someone unless you expect that someone to view it?)
The user found out AFTER the event that he sent the PII inadvertently (i.e. he was not aware he did it= without his knowledge). But he sent it nevertheless. In addition to that, there is no reason to believe that the recipients knew that the email was sent inadvertently when they viewed it.
So this constitutes a data breach: An incident wherein information is stolen or taken from a system without the knowledge or authorization of the system’s owner.
0
0