Incident: Data Breach at GoGet Car-sharing Company in New South Wales

Published Date: 2018-01-30

Postmortem Analysis
Timeline:
1. The software failure incident, a data hack at GoGet, happened between May and June 2017 [67699].
System:
The system that failed in the software failure incident reported in Article 67699 was:
1. GoGet's fleet booking system - The man accessed this system and downloaded customer identification information from the database, leading to the breach and subsequent theft of cars [67699].
Responsible Organization:
1. The 37-year-old man who accessed GoGet's fleet booking system and downloaded customer identification information, leading to the data hack incident [67699].
Impacted Organization:
1. Customers of the car-sharing company GoGet were impacted by the software failure incident [67699].
Software Causes:
1. Data hack leading to unauthorized access to the fleet booking system and customer identification information [67699].
Non-software Causes:
1. Lack of timely customer notification about the data breach, waiting nearly seven months to advise customers [67699].
Impacts:
1. Customer identification information, including names, addresses, email addresses, phone numbers, dates of birth, and drivers' license details, was compromised and downloaded from GoGet's database [67699].
Preventions:
1. Implementing stronger access controls and authentication mechanisms to prevent unauthorized access to the fleet booking system could have prevented the data hack [67699].
2. Regular security audits and penetration testing could have identified vulnerabilities in the system before they were exploited by malicious actors [67699].
Fixes:
1. Implementing stronger security measures to prevent unauthorized access to the fleet booking system, such as multi-factor authentication or encryption [67699].
2. Conducting regular security audits and vulnerability assessments to identify and address potential weaknesses in the system [67699].
3. Enhancing data protection protocols to safeguard sensitive customer information stored in the database [67699].
References:
1. Fraud detectives from New South Wales [67699]
2. GoGet chief executive, Tristan Sender [67699]
3. Users who vented their frustration online, such as Erin Turner [67699]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | unknown | (a) The software failure incident related to GoGet's data hack does not indicate a similar incident happening again within the same organization [67699]. (b) The software failure incident related to GoGet's data hack does not mention a similar incident happening at other organizations or with their products and services [67699].
Phase (Design/Operation) | design, operation | (a) The software failure incident in this case can be attributed to the design phase. The incident occurred when a 37-year-old man accessed GoGet's fleet booking system and downloaded customer identification information from the database, using it to steal and return 33 cars between May and June 2017. This breach was a result of a vulnerability in the system's design that allowed unauthorized access to sensitive customer data [67699]. (b) The software failure incident can also be linked to the operation phase. The delay in notifying customers about the breach was due to advice from the police that earlier notification could jeopardize the investigation. This decision to delay informing affected customers was an operational aspect influenced by law enforcement considerations rather than immediate customer protection [67699].
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident in the article was primarily due to factors originating from within the system. The incident involved a data hack where a 37-year-old man accessed GoGet's fleet booking system and downloaded customer identification information from the database, using it to steal and return cars. This breach of customer data was a result of a vulnerability within GoGet's system that allowed unauthorized access to sensitive information [67699]. (b) outside_system: There is no explicit mention in the article of the software failure incident being caused by contributing factors originating from outside the system.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was primarily due to non-human actions. A 37-year-old man accessed GoGet's fleet booking system and downloaded customer identification information from the database, using it to steal and return 33 cars between May and June 2017. This unauthorized access and data breach were not directly caused by human error but rather by the actions of an external individual [67699]. (b) Human actions also played a role in this incident. The delay in notifying customers about the breach, which lasted nearly seven months, was a decision made by the company. The GoGet chief executive mentioned that they received advice from the police that notifying affected customers sooner may have jeopardized the investigation. This decision to delay informing customers was a human action that impacted the handling of the software failure incident [67699].
Dimension (Hardware/Software) | software | (a) The software failure incident in the article was not directly attributed to hardware issues. The incident involved a data hack where a man accessed GoGet's fleet booking system and downloaded customer identification information from the database, leading to the theft and return of 33 cars. The breach was a result of unauthorized access to the software system rather than hardware failure [67699]. (b) The software failure incident in the article was primarily due to contributing factors originating in software. The breach occurred when a man accessed GoGet's fleet booking system and downloaded customer identification information from the database, indicating a vulnerability or flaw in the software system that allowed unauthorized access and data theft [67699].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident in this case was malicious. A 37-year-old man was arrested for accessing GoGet's fleet booking system and downloading customer identification information from the database with the intent to steal and return cars. The man was charged with unauthorized access and taking and driving a conveyance without the owner's consent, indicating a malicious intent to commit a serious indictable offense [67699]. (b) The incident was not non-malicious as it involved intentional unauthorized access and theft of customer information and cars, demonstrating malicious behavior by the perpetrator.
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident in this case seems to be more aligned with poor_decisions. GoGet waited nearly seven months to advise customers about the data hack, which could be considered a poor decision in terms of timely communication and customer notification [67699]. Additionally, the decision to delay notifying affected customers was based on advice from the police that earlier notification may have jeopardized the investigation, which could also be seen as a questionable decision in terms of balancing customer privacy and investigation needs.
Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident in the article can be attributed to development incompetence. The incident involved a data hack at the car-sharing company GoGet, where a 37-year-old man accessed the company's fleet booking system and downloaded customer identification information from the database. This breach occurred due to a vulnerability in the system that allowed unauthorized access to sensitive customer data. The delay in notifying customers about the breach was also a result of decisions made by the company based on advice received from the police, indicating a lack of proactive measures to address the security issue promptly [67699]. (b) There is no indication in the article that the software failure incident was accidental. The incident was a deliberate data hack carried out by an individual who accessed and downloaded customer information from GoGet's database with the intent to commit a crime. The actions of the perpetrator were intentional and not accidental, leading to the compromise of customer details [67699].
Duration | temporary | The software failure incident reported in Article 67699 was temporary. The incident involved a data hack where a 37-year-old man accessed GoGet's fleet booking system and downloaded customer identification information from the database, using it to steal and return 33 cars between May and June 2017. GoGet became aware of the breach in late June and alerted the police. The investigation was kept under wraps while the police attempted to determine if the man was working alone. The company received advice from the police that notifying affected customers sooner may have jeopardized the investigation, indicating a temporary nature of the incident [67699].
Behaviour | other | (a) crash: The software failure incident in the article does not involve a crash where the system loses state and does not perform any of its intended functions [67699]. (b) omission: The software failure incident in the article does not involve a failure due to the system omitting to perform its intended functions at an instance(s) [67699]. (c) timing: The software failure incident in the article does not involve a failure due to the system performing its intended functions correctly, but too late or too early [67699]. (d) value: The software failure incident in the article does not involve a failure due to the system performing its intended functions incorrectly [67699]. (e) byzantine: The software failure incident in the article does not involve a failure due to the system behaving erroneously with inconsistent responses and interactions [67699]. (f) other: The software failure incident in the article involves a data hack where a man accessed GoGet's fleet booking system and downloaded customer identification information from the database, using it to steal and then return cars. This incident is more related to a security breach rather than a specific software behavior like crash, omission, timing, value, or byzantine behavior [67699].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident at GoGet involved a data hack where a 37-year-old man accessed the company's fleet booking system and downloaded customer identification information from the database. This information included names, addresses, email addresses, phone numbers, dates of birth, and drivers' license details [67699]. The man used this stolen information to steal and then return 33 cars between May and June 2017. This incident resulted in a direct impact on the property of the customers whose data was compromised.
Domain | transportation | (a) The failed system in this incident was related to the transportation industry as it involved a car-sharing company, GoGet, whose fleet booking system was hacked, leading to the theft and return of 33 cars [67699].
