As part of our continuous effort to strengthen Information Security practices, we would like to share several recent incident scenarios observed within the organization. These cases are anonymized and intended for awareness and prevention purposes.
Incident 1: Unauthorized Access Attempt
An employee attempted to access another employee’s workstation without authorization. The attempt failed after multiple incorrect password entries, and no system access was granted.
- No data breach occurred
- However, this behavior violates security policy and poses a serious risk to Confidentiality
- Insider threat
- Unauthorized data access if successful
- Never attempt to access another person’s account or device
- Always lock your workstation when leaving your desk
- Report any suspicious behavior immediately
Incident 2: Use of Real User Data in Test Environment
During testing activities, a real dataset containing actual end-user email addresses was mistakenly used in a non-production environment. As a result, 43 real users received unintended “Welcome Emails.”
- Reputational risk to the company
- Confusion and potential loss of customer trust
- No financial or data breach impact identified
- Violation of Data Protection principles (Confidentiality & Integrity)
- Non-compliance with customer and regulatory requirements
- Always use masked/anonymized data in testing environments
- Validate test datasets before execution
- Implement approval checkpoints for UAT/FT activities
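One way to enforce the masking and dataset-validation points above before a test run, as an added example that is not the organization's own tooling. The function names, the `email` field and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac

# Domains reserved by RFC 2606 / RFC 6761: mail to them can never reach a real inbox.
RESERVED_DOMAINS = ("example.com", "example.net", "example.org")
RESERVED_TLDS = ("test", "example", "invalid", "localhost")


def is_undeliverable(address: str) -> bool:
    """True if the address sits on a reserved domain or TLD."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain.rsplit(".", 1)[-1] in RESERVED_TLDS:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RESERVED_DOMAINS)


def find_real_addresses(rows, field="email"):
    """Pre-execution gate: return (row index, address) for every deliverable address."""
    return [(i, r[field]) for i, r in enumerate(rows)
            if r.get(field) and not is_undeliverable(r[field])]


def mask_email(address: str, key: bytes) -> str:
    """Keyed, deterministic pseudonym so joins on email still work after masking."""
    digest = hmac.new(key, address.strip().lower().encode(), hashlib.sha256).hexdigest()
    return f"user-{digest[:16]}@example.com"


def mask_dataset(rows, key: bytes, field="email"):
    """Return a copy of rows with every deliverable address replaced."""
    return [{**r, field: mask_email(r[field], key)}
            if r.get(field) and not is_undeliverable(r[field]) else dict(r)
            for r in rows]


# Constructed sample rows; contoso.com stands in for a real customer domain.
SAMPLE = [
    {"id": 1, "email": "qa.bot@example.com"},
    {"id": 2, "email": "Jane.Doe@contoso.com"},
    {"id": 3, "email": "tester@staging.test"},
    {"id": 4, "email": "jane.doe@contoso.com"},
]

if __name__ == "__main__":
    leaks = find_real_addresses(SAMPLE)
    print("blocked:" if leaks else "ok", leaks)  # a non-empty list should stop the run
    masked = mask_dataset(SAMPLE, key=b"demo-key-not-for-real-use")
    print(find_real_addresses(masked))
```

A non-empty result from `find_real_addresses` is the signal to stop the test run; the masking key should be kept in a secrets store, not in the test repository.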
Incident 3: Migration of Services from Google Cloud Platform (GCP) to AWS
After migrating services from Google Cloud to AWS, the old cloud account was not decommissioned. Additionally, API keys were not properly secured within the project.
As a result:
- The legacy Gemini API remained active
- API keys were exposed/mismanaged
- The API was illegally accessed and abused
- Financial loss of approximately AUD 18,800
- Unauthorized usage of cloud resources
- Exposure of weaknesses in Access Control, Asset Management, and Cost Monitoring
- Compromised Confidentiality (API key exposure)
- Loss of Integrity (unauthorized system usage)
- Always decommission unused systems/accounts after migration
- Secure API keys:
  - Never hardcode in source code
  - Store in secure vaults (e.g., password manager)
  - Rotate keys regularly
- Implement monitoring & alerting for abnormal usage/costs
- Conduct post-migration security checklist validation
Key Takeaways for All Employees
- Follow the principle of “Least Privilege”
- Never use real customer data outside production without approval
- Always protect credentials, API keys, and access tokens
- Report incidents or suspicious activities immediately
"Security is everyone’s responsibility"