Incident types (What happened technically)

Cases are tagged by incident type to support engineer-first browsing. For each type below, a short explanation is followed by a representative legal case (court or agency proceeding) with a link to a publicly available court or agency paper (opinion, order, complaint, or settlement).

Common incident types

  • Cloud misconfiguration / exposure
    What it is: Misconfigured cloud controls (e.g., permissions, network exposure, or storage settings) that allow unauthorized access or public exposure of data or systems.
    Case: In re Capital One Consumer Data Security Breach Litigation — U.S. District Court, E.D. Va., Final Order and Judgment Approving Class Settlement (Feb. 2022). See also OCC Cease and Desist Order (Capital One, N.A., Aug. 2020) for the regulator’s technology-risk and cloud-governance findings.

  • SSRF / metadata service abuse
    What it is: Server-Side Request Forgery (SSRF) or abuse of cloud metadata services (e.g., to obtain temporary credentials) that enables an attacker to reach internal resources or assume roles and access data.
    Case: Same as cloud misconfiguration above: In re Capital One Consumer Data Security Breach Litigation (E.D. Va., Final Approval Order); OCC Cease and Desist Order (Capital One).

  • Credential stuffing / account takeover
    What it is: Use of stolen or reused credentials (e.g., from other breaches) to log in to user accounts at scale, often combined with weak authentication and poor access controls.
    Case: In the Matter of Drizly, LLC — FTC Complaint (Oct. 2022); FTC alleged security failures that allowed access to consumer data; Consent Order.

  • Third-party / vendor breach
    What it is: Compromise of a service provider, supplier, or acquired entity that holds or processes the organization’s data, leading to unauthorized access or exfiltration.
    Case: In re Target Corporation Customer Data Security Breach Litigation — U.S. District Court, D. Minn., Memorandum and Order on motion to dismiss (Dec. 2014). Third-party HVAC vendor access was part of the attack path. See also Firemen’s Retirement System of St. Louis v. Sorenson (Marriott/Starwood), Del. Ch., board-oversight opinion (2021).

  • Ransomware
    What it is: Malware that encrypts or exfiltrates data and demands payment; often involves unauthorized access, lateral movement, and impact on availability and confidentiality.
    Case: In re Blackbaud, Inc., Customer Data Breach Litigation — U.S. District Court, D.S.C., Memorandum Opinion and Order on motion to dismiss (Oct. 2021), MDL No. 2972; ransomware attack and exfiltration of constituent data.

  • Business Email Compromise (BEC)
    What it is: Social engineering or account takeover aimed at tricking employees into wiring funds or disclosing sensitive information to fraudsters impersonating executives, vendors, or partners.
    Case: SEC v. Onyeachonam et al. — U.S. District Court, SEC Complaint (2024), alleging impersonation of securities professionals and fraud; BEC-style schemes are often prosecuted by DOJ/USSS with parallel or similar fact patterns.

  • Web application vulnerability exploitation
    What it is: Exploitation of flaws in web applications (e.g., injection, weak authentication, inadequate segmentation) that allow unauthorized access or data exposure.
    Case: FTC v. Wyndham Worldwide Corp. — U.S. Court of Appeals, Third Circuit, Opinion (Aug. 2015); FTC alleged unreasonable security (weak passwords, poor segmentation, clear-text card data); court affirmed FTC’s Section 5 authority.

  • Insider threat
    What it is: Misuse of access by employees, contractors, or business partners to steal, expose, or misuse data, or to facilitate external attackers.
    Case: FTC v. ChoicePoint, Inc. — FTC complaint and stipulated final judgment (2006); data broker sold sensitive data to fraudsters posing as legitimate customers; inadequate vetting and access controls.

  • Payment card / skimming
    What it is: Theft of payment card data via point-of-sale (POS) intrusion, skimming devices, or compromise of card-processing systems, often affecting retailers or processors.
    Case: In re Target Corporation Customer Data Security Breach Litigation — U.S. District Court, D. Minn., Memorandum and Order on motion to dismiss (Dec. 2014); POS breach affecting approximately 110 million individuals.

  • Logging / monitoring failures (as a central theme)
    What it is: Inadequate logging, monitoring, or detection that delays discovery of intrusions or prevents effective response and accountability; often cited alongside other control failures in enforcement and litigation.
    Case: In re Equifax Inc. Customer Data Security Breach Litigation — U.S. District Court, N.D. Ga., Final Order and Judgment (Jan. 2020); unpatched vulnerability and inadequate detection/monitoring were central to regulatory and civil resolution. See also In the Matter of Altaba Inc., f/d/b/a Yahoo! Inc. (SEC order, 2018) on disclosure controls and procedures.


Incident tags are descriptive—not a claim of root cause beyond the record.
