| Recurring |
one_organization |
(a) The software failure incident related to the unauthorized access of personal information due to a faulty handset being resold without being properly wiped happened at 3 Mobile. This incident involved a customer returning a faulty iPhone to 3 Mobile, which was then resold to another customer without being wiped, leading to the unauthorized access of personal photos and emails [14940].
(b) There is no information in the provided article indicating that a similar incident has happened at other organizations or with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article can be attributed to a design flaw introduced during the system development or maintenance phase. The incident occurred because the faulty iPhone returned by the customer was not properly wiped by the mobile network before being resold to another customer. This led to both the old and new handsets being linked to the iCloud account, allowing the new owner to access all the personal information and data uploaded by the original owner [14940].
(b) Additionally, the software failure incident can also be linked to an operational failure caused by the misuse of the system. The customer's personal information was accessible to a stranger because the faulty iPhone was not wiped properly before being resold. This operational oversight allowed the new owner to view sensitive data, including personal photos, emails, and even access to the owner's bank accounts [14940]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case is primarily within the system. The failure occurred because the faulty iPhone that was returned by the customer was not properly wiped by the mobile network before being resold to another customer. This led to the new owner being able to access all the personal information, photos, emails, and other data of the original owner that were still linked to the iCloud account associated with the device [14940]. The issue of not wiping the device properly before resale was an internal system oversight by the mobile network provider, contributing to the software failure incident. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in this case occurred due to non-human actions. The incident was a result of the faulty iPhone being resold without being properly wiped, leading to the new owner being able to access the previous owner's personal information through the iCloud account linkage [14940]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in the article is related to hardware. The incident occurred because a faulty iPhone was returned to 3 Mobile, but it was resold to another customer without being properly wiped, leading to the new owner being able to access the original owner's personal information through the iCloud account still linked to the device [14940]. This issue stemmed from the mishandling of the hardware (iPhone) by the mobile network provider.
(b) The software failure incident in the article is also related to software. The software failure aspect is highlighted by the fact that the iCloud account was not properly disassociated from the faulty iPhone before it was resold, allowing the new owner to access personal photos, emails, and other data that were still being uploaded to Apple servers through the iCloud account [14940]. This software-related oversight led to a breach of privacy and data security. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident in this case appears to be non-malicious. The failure occurred when a faulty iPhone returned by the customer was not properly wiped by the mobile network before being resold to another customer. This led to the new owner being able to access all the personal information and data of the original owner, including photos, emails, and sensitive information. The incident seems to be a result of negligence or oversight rather than a deliberate act to harm the system [14940]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident in this case appears to be related to poor decisions made by the mobile network provider, 3 Mobile. The incident occurred when 3 Mobile failed to properly wipe a faulty iPhone returned by a customer before reselling it to another customer. This led to the new owner being able to access the previous owner's personal information, including photos, emails, and other sensitive data, because the old and new handsets were still linked to the iCloud account of the original owner [14940]. The failure to adequately wipe the device before resale can be attributed to poor decisions made by 3 Mobile, which resulted in a serious breach of customer privacy and security. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in this case seems to be related to development incompetence. The incident occurred because the faulty iPhone that was returned by the customer was not properly wiped by the mobile network before being resold to another customer [14940]. This lack of professional competence in not wiping the device led to a situation where personal information from the previous owner was accessible to the new owner, highlighting a failure in the development process.
(b) Additionally, the incident can also be attributed to accidental factors. The failure to wipe the device properly before resale can be seen as an accidental oversight by the mobile network, leading to the exposure of personal data to a stranger [14940]. This accidental mistake resulted in a breach of privacy and potential security risks for the original owner of the iPhone. |
| Duration |
temporary |
The software failure incident described in the articles seems to be temporary rather than permanent. The incident occurred due to the faulty iPhone being resold without being properly wiped, leading to the new owner being able to access the previous owner's personal information through the iCloud account link. This issue was specific to the mishandling of the faulty handset by the mobile network and the failure to disconnect it from the previous owner's iCloud account. The incident was not a permanent failure affecting all circumstances but rather a temporary failure resulting from specific circumstances related to the mishandling of the device [14940]. |
| Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The incident involved a faulty iPhone that was returned by the customer to 3 Mobile but was resold without being properly wiped. As a result, the new owner of the iPhone could access all the personal information and updates made by the original owner through the iCloud account, indicating a loss of control and a failure of the system to perform its intended functions [14940].
(b) omission: The software failure incident can also be categorized as an omission. The system failed to omit to perform its intended function of wiping the data from the faulty iPhone before reselling it to another customer. This omission led to the new owner being able to access the personal information and updates of the original owner, highlighting a failure in the system's process of data removal [14940].
(c) timing: The incident does not directly relate to a timing failure as the issue was not about the system performing its intended functions too late or too early. Instead, the problem stemmed from the system failing to properly wipe the data from the faulty iPhone before reselling it, leading to unauthorized access by the new owner [14940].
(d) value: The software failure incident can be associated with a value failure. The system failed to perform its intended function of protecting the personal information of the original owner stored on the iPhone. This failure resulted in the new owner being able to access sensitive data, including personal photos, emails, and bank account information, indicating a failure in maintaining the integrity and confidentiality of the data [14940].
(e) byzantine: The incident does not align with a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The issue in this case was more straightforward, involving a failure to properly wipe the data from the faulty iPhone before resale, leading to unauthorized access by the new owner [14940].
(f) other: The other behavior observed in this software failure incident is a breach of privacy and security. The incident resulted in a significant privacy breach for the original owner, as personal photos, emails, and sensitive information were accessible to a stranger due to the system's failure to wipe the data from the faulty iPhone before resale. This breach highlights a critical flaw in the system's security measures and data handling processes [14940]. |