Incident: ADT Security Services Breach: Unauthorized Access to Customer Cameras.

Published Date: 2020-05-18

Postmortem Analysis
Timeline:
1. The software failure incident involving ADT Security Services allowing an employee to view footage from indoor security cameras in hundreds of homes over several years happened in April 2020 [99728].

System:
1. ADT Pulse accounts security system [99728]

Responsible Organization:
1. ADT Security Services [99728]

Impacted Organization:
1. ADT clients, including lead plaintiffs Alexia Preddy and Shan Doty, who had their indoor security cameras accessed without authorization [99728].

Software Causes:
1. Lack of basic security procedures by ADT, leading to a privacy breach allowing unauthorized access to security cameras [99728]
2. Failure to implement safeguards to notify customers when their accounts have been accessed by third parties [99728]

Non-software Causes:
1. Lack of basic security procedures followed by ADT Security Services [99728]
2. Unauthorized access granted by a technician to security cameras in customers' homes [99728]
3. Failure to implement safeguards to notify customers when their accounts have been accessed by third parties [99728]

Impacts:
1. The software failure incident led to a breach that allowed an ADT employee to allegedly view footage from indoor security cameras installed in hundreds of homes over several years [99728].
2. Customers impacted by the security lapse were notified by ADT and were offered monetary payments in exchange for their silence [99728].
3. The incident resulted in a lawsuit seeking $5 million in damages for each affected customer, along with interest [99728].
4. ADT was accused of failing to implement safeguards to notify customers when their accounts have been accessed by third parties, leading to a lack of privacy protection [99728].

Preventions:
1. Implementing robust access control mechanisms to ensure that only authorized personnel can access sensitive data or systems [99728].
2. Regularly auditing and monitoring access logs to detect any unauthorized activities or suspicious behavior [99728].
3. Enhancing security protocols and procedures to include multi-factor authentication for accessing sensitive systems or accounts [99728].
4. Implementing notification systems to alert customers when their accounts are accessed by third parties [99728].
5. Providing comprehensive training to employees on data privacy and security best practices to prevent insider threats [99728].

Fixes:
1. Implementing robust access control measures to ensure that only authorized personnel can access sensitive data or systems [99728].
2. Enhancing monitoring and auditing capabilities to detect unauthorized access or suspicious activities promptly [99728].
3. Strengthening notification mechanisms to alert customers when their accounts are accessed by third parties [99728].
4. Conducting regular security audits and assessments to identify and address potential vulnerabilities in the system [99728].

References:
1. Fears Nachawati Law Firm
2. ADT Security Services
3. Fox News
4. U.S. District Court in Fort Lauderdale, Fla. [99728]

Software Taxonomy of Faults

| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization | (a) The article mentions that ADT has been accused of failing to protect customers' privacy in the past. In 2017, the company agreed to pay $16 million to settle class-action lawsuits in Illinois, Arizona, Florida, and California after it was alleged it covered up hacking vulnerabilities in its security systems. This indicates that similar incidents related to privacy breaches or security vulnerabilities have happened before within the same organization, ADT Security Services [99728]. (b) The article does not provide specific information about similar incidents happening at other organizations or with their products and services. |
| Phase (Design/Operation) | design | (a) The software failure incident in the article can be attributed to the design phase. The breach that allowed an ADT employee to view footage from indoor security cameras in hundreds of homes was due to a privacy breach caused by ADT not following basic security procedures [99728]. This indicates that the failure was a result of contributing factors introduced during system development or procedures to operate or maintain the system. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident reported in the article is primarily within the system. The breach that allowed an ADT employee to view footage from indoor security cameras in hundreds of homes was due to the employee's unauthorized access to more than 200 ADT Pulse accounts over a seven-year period [99728]. The failure originated from within the system as a result of inadequate security procedures and lack of safeguards to prevent unauthorized access. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was primarily due to non-human actions, specifically a breach that allowed an employee to view footage from indoor security cameras installed in hundreds of homes over several years. The breach was a result of a loophole in the security system that was discovered when a customer found an unauthorized email among the addresses given permission to access their security system [99728]. (b) However, human actions also played a significant role in this software failure incident. The employee, identified as Telesforo Aviles, allegedly had access to more than 200 ADT Pulse accounts over a seven-year period. The lawsuits mention that ADT tried to mitigate and hide its actions by contacting affected account holders and offering monetary payments in exchange for their silence. Additionally, the technician granted himself remote access to security cameras of specific customers, such as Alexia Preddy and Shan Doty, to spy on them [99728]. |
| Dimension (Hardware/Software) | software | (a) The software failure incident reported in the articles is primarily related to a breach in security that allowed an ADT employee to access indoor security cameras installed in hundreds of homes over several years. This breach was due to a loophole in ADT's security procedures, allowing the employee unauthorized access to more than 200 ADT Pulse accounts over a seven-year period. The incident was not directly linked to hardware failure but rather to a failure in security protocols and access controls [99728]. (b) The software failure incident can be attributed to a failure in the software system's security measures and access controls. The breach allowed the employee to view footage from indoor security cameras, indicating a flaw in the software's authorization mechanisms. The incident highlights a failure in implementing safeguards to prevent unauthorized access to customer accounts and a lack of notifications to customers when their accounts are accessed by third parties. This points to a software-related failure in ensuring the security and privacy of the system [99728]. |
| Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident reported in Article 99728 is malicious in nature. The incident involved a breach at ADT Security Services where an employee allegedly accessed footage from indoor security cameras installed in hundreds of homes over several years with the intent to spy on individuals. The employee, identified as Telesforo Aviles, had unauthorized access to more than 200 ADT Pulse accounts over a seven-year period. This breach was not accidental but a deliberate act by the employee to view private footage from customers' security cameras [99728]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident reported in Article 99728 was primarily due to poor decisions made by ADT Security Services. The breach that allowed an employee to view footage from indoor security cameras in hundreds of homes over several years was attributed to ADT not following basic security procedures, as mentioned in a news release from the Fears Nachawati Law Firm. Additionally, ADT attempted to mitigate and hide their actions by offering affected customers monetary payments in exchange for their silence, as stated in the lawsuits filed against the company. These actions indicate poor decisions made by ADT in handling the security breach [99728]. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident in the article can be attributed to development incompetence. The breach that allowed an ADT employee to view footage from indoor security cameras in hundreds of homes over several years was a result of ADT not following basic security procedures, as stated by the Fears Nachawati Law Firm in the news release [99728]. Additionally, the lawsuits mentioned that ADT failed to implement safeguards to notify customers when their accounts were accessed by third parties, indicating a lack of proper security measures in place [99728]. (b) The software failure incident was not accidental but rather a result of the security loophole that was discovered when a customer found an unauthorized email among the addresses given permission to access their security system [99728]. The breach was not accidental but a deliberate act by an employee who allegedly had access to more than 200 ADT Pulse accounts over a seven-year period [99728]. |
| Duration | permanent | (a) The software failure incident in this case can be considered permanent as it involved a breach that allowed an employee to allegedly view footage from indoor security cameras installed in hundreds of homes over several years [99728]. The employee, identified as Telesforo Aviles, had access to more than 200 ADT Pulse accounts over a seven-year period. This indicates a long-standing issue that persisted over an extended duration, making it a permanent failure. |
| Behaviour | crash, omission, value | (a) crash: The software failure incident in the article can be categorized as a crash. The breach allowed an employee to allegedly view footage from indoor security cameras installed in hundreds of homes over several years, indicating a failure of the system to maintain its intended state and not perform its functions as expected [99728]. (b) omission: The incident can also be categorized as an omission. The system omitted to perform its intended functions by failing to implement safeguards to notify customers when their accounts have been accessed by third parties, leading to unauthorized access to security cameras [99728]. (d) value: Additionally, the incident can be categorized as a value failure. The system performed its intended functions incorrectly by allowing a technician to grant himself remote access to security cameras and spy on individuals inside their homes, violating their privacy [99728]. |

IoT System Layer

| Layer | Option | Rationale |
|---|---|---|
| Perception | network_communication | (a) sensor: The software failure incident reported in the article is not directly related to a sensor error. The incident involved a breach at ADT Security Services that allowed an employee to view footage from indoor security cameras installed in hundreds of homes, indicating a breach in the security system rather than a sensor error [Article 99728]. (b) actuator: The failure reported in the article is not attributed to an actuator error. The incident involved unauthorized access to security cameras by an ADT employee, which does not involve an actuator malfunction [Article 99728]. (c) processing_unit: The software failure incident does not directly involve a processing unit error. The breach at ADT Security Services was due to a lack of basic security procedures that allowed an employee to access customer accounts and view security camera footage, indicating a failure in security protocols rather than a processing unit error [Article 99728]. (d) network_communication: The software failure incident at ADT Security Services does involve a network communication error. The breach allowed an employee to access over 200 ADT Pulse accounts, indicating a failure in network security and communication protocols that should have prevented unauthorized access [Article 99728]. (e) embedded_software: The failure reported in the article is not specifically related to an embedded software error. The incident involved a breach at ADT Security Services that allowed an employee to view footage from indoor security cameras, highlighting a failure in overall security measures rather than a specific embedded software issue [Article 99728]. |
| Communication | unknown | The software failure incident reported in the article does not directly relate to a failure at the communication layer of the cyber-physical system. The incident described in the article pertains to a breach of security procedures by ADT Security Services, leading to unauthorized access to indoor security cameras installed in customers' homes. The failure was primarily attributed to ADT's lack of basic security measures and the actions of a former employee who gained unauthorized access to customer accounts, rather than a failure at the communication layer of the cyber-physical system. |
| Application | TRUE | The software failure incident reported in Article 99728 was related to a breach at ADT Security Services that allowed an employee to allegedly view footage from indoor security cameras installed in hundreds of homes over several years. This breach was due to a failure in the application layer of the cyber-physical system, specifically related to security procedures not being followed by ADT, allowing unauthorized access to customer accounts and security cameras [99728]. |

Other Details

| Category | Option | Rationale |
|---|---|---|
| Consequence | harm, property | (b) harm: People were physically harmed due to the software failure. The software failure incident involving ADT Security Services led to physical harm as the article mentions that a technician granted himself remote access to security cameras in customers' homes, allowing him to spy on individuals inside the homes. This unauthorized access resulted in the technician potentially viewing and monitoring individuals, including minors, inside the homes, causing harm and invasion of privacy [99728]. |
| Domain | information | (a) The failed system in this incident was related to the information industry as it involved a breach that allowed an employee to view footage from indoor security cameras installed in hundreds of homes over several years [Article 99728]. |
