Incident: Incorrect Information Sent to Credit Reporting Agencies by Xerox Software.

Published Date: 2017-11-20

Postmortem Analysis
Timeline 1. The software failure incident leading to credit reporting agencies receiving incorrect information about over 1 million people happened when Xerox Business Services, LLC (now Conduent Business Services) was fined $1.1 million by the U.S. Consumer Financial Protection Bureau [65189, 65044]. 2. The incident occurred in November 2017. 3. Therefore, the software failure incident happened in November 2017.
System The software failure incident mentioned in the provided articles involved errors that led to credit reporting agencies receiving incorrect information about over 1 million people. The system that failed in this incident was: 1. Xerox Business Services, LLC (now known as Conduent Business Services) software [65189, 65044]
Responsible Organization 1. Xerox Business Services, LLC (now known as Conduent Business Services) - The software errors that led to credit reporting agencies receiving incorrect information about over 1 million people were attributed to this entity as per the news articles [65189, 65044].
Impacted Organization 1. Credit reporting agencies received incorrect information about over 1 million people due to the software errors at Xerox Business Services, now known as Conduent Business Services [65189, 65044].
Software Causes 1. Software errors that led to credit reporting agencies receiving incorrect information about over 1 million people [65189, 65044].
Non-software Causes 1. The flow of incorrect information to credit reporting agencies. 2. Security breach and hacking of Equifax Inc. [Cited Articles: 65189, 65044]
Impacts 1. The software errors led to credit reporting agencies receiving incorrect information about over 1 million people, impacting their credit reports and potentially causing financial harm [65189, 65044].
Preventions 1. Implementing thorough software testing procedures to catch and rectify any errors before deployment [65189, 65044]. 2. Conducting regular audits and quality checks on the software to ensure accurate information transmission [65189, 65044]. 3. Enhancing cybersecurity measures to prevent unauthorized access and potential hacking incidents that could lead to data inaccuracies [65189, 65044].
Fixes 1. Implementing thorough software testing procedures to catch and rectify errors before they impact data integrity [65189, 65044] 2. Conducting regular audits and quality checks on the software to ensure accurate information transmission [65189, 65044] 3. Enhancing data security measures to prevent unauthorized access and tampering with sensitive information [65189, 65044]
References 1. U.S. Consumer Financial Protection Bureau 2. Xerox Business Services, LLC (now known as Conduent Business Services) 3. Equifax Inc. 4. Credit reporting agencies 5. Lisa Lambert (Reporter) 6. G Crosse (Editor) 7. Thomson Reuters Trust Principles [Cited from Article 65189, Article 65044]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident has happened again at one_organization: The incident involving software errors that led to credit reporting agencies receiving incorrect information about over 1 million people occurred at Xerox Business Services, LLC, now known as Conduent Business Services. This indicates a recurrence of a software failure within the same organization [65189, 65044]. (b) The software failure incident has happened again at multiple_organization: There is no information in the provided articles suggesting that a similar incident has happened at other organizations or with their products and services.
Phase (Design/Operation) design (a) The software failure incident in the articles was related to the design phase. The errors that led to credit reporting agencies receiving incorrect information about over 1 million people were attributed to software errors, indicating issues introduced during system development or updates [65189, 65044].
Boundary (Internal/External) within_system (a) The software failure incident involving Xerox Business Services, now known as Conduent Business Services, leading to credit reporting agencies receiving incorrect information about over 1 million people was due to software errors within the system. The incident was a result of software errors within the system that caused the transmission of inaccurate data to credit reporting agencies [65189, 65044].
Nature (Human/Non-human) non-human_actions (a) The software failure incident in the articles was due to non-human_actions, specifically software errors that led to credit reporting agencies receiving incorrect information about over 1 million people. This indicates that the failure was a result of factors introduced without human participation [65189, 65044].
Dimension (Hardware/Software) software (a) The software failure incident reported in the articles was not attributed to hardware issues. It was specifically mentioned that Xerox Business Services, now known as Conduent Business Services, was fined for software errors that resulted in credit reporting agencies receiving incorrect information about over 1 million people. This indicates that the failure originated in the software rather than hardware [65189, 65044].
Objective (Malicious/Non-malicious) non-malicious The software failure incident reported in the articles [65189, 65044] was non-malicious. The incident was attributed to software errors that led to credit reporting agencies receiving incorrect information about over 1 million people. There is no indication in the articles that the errors were introduced with malicious intent to harm the system.
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident mentioned in the articles was related to poor decisions. The incident occurred due to software errors that led to credit reporting agencies receiving incorrect information about over 1 million people. This indicates that the failure was a result of contributing factors introduced by poor decisions made in the software development or implementation process [65189, 65044].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident related to Xerox Business Services, now Conduent Business Services, being fined $1.1 million by the U.S. Consumer Financial Protection Bureau was due to software errors that led to credit reporting agencies receiving incorrect information about over 1 million people. This indicates a failure due to development incompetence, as the software errors were likely introduced due to a lack of professional competence by the organization or individuals involved in the software development process [65189, 65044].
Duration temporary The software failure incident reported in the articles was temporary. It was caused by software errors that led to credit reporting agencies receiving incorrect information about over 1 million people. The incident was not described as a permanent failure but rather as a result of specific software errors introduced by certain circumstances [65189, 65044].
Behaviour crash, omission, value, other (a) crash: The software errors led to credit reporting agencies receiving incorrect information about over 1 million people, indicating a failure in the system's performance, which could be considered a crash [65189, 65044]. (b) omission: The software errors resulted in the omission of correct information and the transmission of incorrect data to credit reporting agencies, impacting over 1 million individuals [65189, 65044]. (c) timing: There is no specific mention of timing-related failures in the articles. (d) value: The software errors caused the system to provide credit reporting agencies with incorrect information, indicating a failure in performing its intended functions correctly [65189, 65044]. (e) byzantine: There is no indication of byzantine behavior in the articles. (f) other: The software errors led to the transmission of incorrect information to credit reporting agencies, affecting a significant number of individuals. This could be considered a failure in data integrity and accuracy, falling under the "other" category [65189, 65044].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human (a) death: There is no mention of any deaths resulting from the software failure incident in the provided articles [65189, 65044]. (b) harm: There is no mention of physical harm to individuals resulting from the software failure incident in the provided articles [65189, 65044]. (c) basic: There is no mention of people's access to food or shelter being impacted due to the software failure incident in the provided articles [65189, 65044]. (d) property: The software errors led to credit reporting agencies receiving incorrect information about over 1 million people, indicating that people's data was impacted due to the software failure incident [65189, 65044]. (e) delay: There is no mention of people having to postpone an activity due to the software failure incident in the provided articles [65189, 65044]. (f) non-human: The software errors affected the flow of information to and from credit-reporting agencies, impacting the accuracy of data related to individuals [65189, 65044]. (g) no_consequence: There were observed consequences of the software failure incident, as it led to credit reporting agencies receiving incorrect information about over 1 million people [65189, 65044]. (h) theoretical_consequence: There were no theoretical consequences discussed in the articles that did not occur [65189, 65044]. (i) other: The articles do not mention any other specific consequences of the software failure incident beyond the impact on credit reporting agencies and individuals' data [65189, 65044].
Domain finance (a) The software failure incident reported in the articles is related to the finance industry. The incident involved software errors by Xerox Business Services, now known as Conduent Business Services, which led to credit reporting agencies receiving incorrect information about over 1 million people [65189, 65044]. This incident resulted in a fine of $1.1 million imposed by the U.S. Consumer Financial Protection Bureau. Therefore, the failed system was intended to support the finance industry.

Sources

Back to List