Data Breach At MyFitnessPal
Under Armour – An Overview
Discuss the Analysis of Security and Privacy Requirements.
Under Armour (UA) is an American manufacturing company that makes sportswear, footwear and various casual apparel (Jensen et al. 2016). The company was founded by Kevin Plank in 1996. This report is based on a major data breach at MyFitnessPal, the fitness application of Under Armour. The breach was meant to steal the private data of the application's users. This report focusses on the various data breaches that have occurred and the ways to mitigate the risks of data breaches (Romanosky, Hoffman and Acquisti 2014).
Under Armour was founded in 1996 by Kevin Plank, a former football player associated with the University of Maryland. The company was initially named KP Sports, and the name was changed in 2005. Plank believed that Under Armour had the potential for long-term growth, achievable through the company's ability to build a powerful brand in the market.
Under Armour has the world’s first connected health and fitness tracker system. The name of Under Armour's application is MyFitnessPal (McGrath and Scanaill 2013). The application offers several facilities, such as tracking of sleep, fitness activity and nutrition. It also lets users set and reach goals, connect with synced devices and follow friends. With the help of the application, users can set their fitness goals for a particular day and try to achieve them. The MyFitnessPal application is available on both the iOS and Android platforms. Devices can easily connect with UA HealthBox, UA Scale, UA Band and UA HeartRate. Other applications, such as MapMyFitness, combine the collected data to provide a view of an individual's activity and progress. Users can also share their UA Record activity with Apple’s health application (Laing et al. 2014).
The health and fitness application of Under Armour was hit by a data breach. The attack on user data affected nearly 150 million people. The investigation of the breach indicated that the affected information included the usernames, hashed passwords and email addresses of the users. The data breach could lead to the leak of much important user information, such as the payment details of each user (Dehling et al. 2015).
MyFitnessPal and its Features
The information security risk from the data breach on the application could lead the hackers to obtain the payment details of the users and other information, such as their social security numbers and even their driving license numbers. The hackers could also get hold of the bank details and account numbers of the users. The major risk, therefore, is that the hackers would have acquired important documents belonging to the users of the application, putting their confidential data in danger. This vital information could be leaked if hackers were able to penetrate the entire system.
The IS risks that affected the application could have a major impact on the business of Under Armour. They could also affect the reputation of the company. Users would lose trust in the efficiency of the organization and would shift their focus to other competitors in the market. This would affect the business side of the organization, as their customer base would fall and their revenue would suffer (Ackerman 2013).
Audit Plan – Under Armour is an extremely successful, powerful and growing brand in the athletic clothing industry. The audit of the brand is meant to keep an overview of the activities of the brand within the international market and the reaction of consumers to the products offered by the brand. The main purpose of the audit is to look into the procedures of the business and to understand its position in the international market. It is also necessary to look into the security implications that are made by Under Armour in order to ensure the confidentiality of user data and thus secure their vital data (Gray et al. 2016).
The areas that need to be outlined in the audit plan are: promotion strategies, improvement of product categories, programs for marketing support and the security implications of the brand.
Promotion Strategies – UA also makes use of several channels in order to promote their brand in the international market. They make use of traditional and new media technology to reach out to the people. They market their products on the social media platform, online advertisements, online videos and other venues of advertising (Michaels and Greene 2013).
Improvement of Product Categories – UA has mainly focused on offering different kinds of products, which include shoes, apparel and accessories. These products are available for all kinds of people in order to satisfy their different needs. They focus on delivering high quality products, which include basket shoes, hiking shoes, sandals, boots, running shoes and many others. With the increase in demand for their products, UA has also expanded their product lines into other areas, which include hunting, athletics, sports uniforms, jerseys and military wear (Biswas and Roy 2016).
The Impact of Data Breach on MyFitnessPal
Programs for Marketing Support – The products of Under Armour are considered to be of high quality by their customers. The brand offers a large number of products. The products of UA are sold in many places, which include brand stores, online platforms and sporting stores. These provide a number of options and choices to consumers. The marketing programs of UA can also be viewed on television. The customers of UA are mostly connected with the brand on social media platforms such as Google+, Instagram, Twitter, Facebook and many others. Through this kind of media marketing, UA also encourages their consumers to participate in the marketing of their products.
Security Implications – Under Armour is dedicated towards securing the personal data of the user. They would only disclose the personal data of the user upon acknowledging them. The disclosure of the data of the user would be meant for the business purposes of the company. They share the personal data of the user with third parties only with the consent of the user (Zhou and Piramuthu 2014).
UA retains the personal data of the user as long as the user maintains an account with the organization. UA provides their services to consumers who have maintained their account with the company. They retain and use the personal data in order to conform to legal obligations, enforce agreements and resolve any kind of dispute.
Objectives of the Audit Plan – The objectives of the audit plan include the following:
- To promote their products on a wider platform in order to reach to a wide range of customers.
- To improve the categories of the products in order to satisfy the varying needs of their customers.
- To view the current marketing scenario and thus decide upon what strategy should be implemented in order to gain a higher position in the market.
- To understand the security strategies of their own organization and thus identify any issues found within the security implications.
Procedures for Auditing the Selected Areas – The main procedures, which should be implemented in order to audit the selected areas are:
Promotion Strategies – In order to improve the business scenarios, UA should highly focus on promoting their products on a wide basis. They should conduct a survey of the promotional strategies that are adopted by other competitors and thus implement new ways to promote their products.
Improvement of Product Categories – The company should conduct a survey among their new and existing customers. They should understand the choices of the customers. Based on an audit of the varying choices of the customers, UA should implement improvements to their products.
Programs for Marketing Support – The current marketing strategies should be taken into consideration and, based upon them, UA should provide offers to their customers. They should conduct polls among their customers. This would let them know the ways in which their customers would adopt techniques of purchasing their products (Armstrong et al. 2014).
IS Risks and Business Impact
Security Implications – The current strategies of security should be considered. Security is a major area of concern for UA. Hence, security experts should be consulted by the team at UA in order to check the systems, which are meant to protect the data of the users (Sametinger et al. 2015).
The questions for conducting the audit are:
Promotion Strategies –
- What are the current strategies of promotion that are adopted by the company?
- What could be the most efficient promotion strategy that would be beneficial for the company?
- What kind of social media problems would be beneficial for the organization?
Improvement of Product Categories –
- What kind of new products could be introduced in the market?
- Are the current products being accepted by the customers and how are they impacting them?
- What could be the newest strategies that could have a major impact on the minds of the customers in order to increase the base of the customers?
Programs for Marketing Support –
- What are the current marketing scenarios in the market that are being used by other competitors?
- What kind of new marketing strategies should be implemented in order to support the organization?
- How would the new marketing strategies be beneficial for the organization?
Security Implications –
- What are the new software security trends in the market?
- What are the existing security features within the application and are they efficient enough to support the system?
- What features should be implemented in the future and what would be the benefits from those features?
As Under Armour was affected by a serious data breach in which the vital data of the users was vulnerable to attack, the security team of UA should follow some recommendations in order to prevent such attacks in the future.
- UA should give third-party users only privileged, limited access to the sensitive data of their users. They should determine the needs of the users and ensure that they have access to only that information. This would benefit the client, as such data breaches would be avoided (Adolph 2014).
- A data security policy should be planned and developed in advance in order to mitigate the risks of cyber security attacks. This kind of plan could help the organization in such critical situations and provide an immediate response in support of the users. With the implementation of such policies, the extreme impacts of this kind of cyber-attack would be avoided.
- UA should lock their systems with extremely sensitive passwords that are accessible to authorized users only. The passwords should be a combination of different characters that includes letters, symbols, capital letters and numbers. Such unique passwords would ensure that hackers cannot break into such secure systems.
- In addition to these, a regular backup of the data and updating of the systems is necessary. Updated antivirus software would ensure that the entire system is protected on a daily basis (Rodrigues et al. 2013).
References
Ackerman, L., 2013. Mobile health and fitness applications and information privacy. Privacy Rights Clearinghouse, San Diego, CA.
Adolph, M., 2014. Big data, its enablers and standards. PIK-Praxis der Informationsverarbeitung und Kommunikation, 37(3), pp.197-204.
Armstrong, G., Adam, S., Denize, S. and Kotler, P., 2014. Principles of marketing. Pearson Australia.
Biswas, A. and Roy, M., 2016. A study of consumers’ willingness to pay for green products. Journal of Advanced Management Science, 4(3).
Dehling, T., Gao, F., Schneider, S. and Sunyaev, A., 2015. Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and Android. JMIR mHealth and uHealth, 3(1).
Gray, S.E., Sekendiz, B., Norton, K., Dietrich, J., Keyzer, P., Coyle, I.R. and Finch, C., 2016. The development and application of an observational audit tool for use in Australian fitness facilities. Journal of Fitness Research, 5(1), p.29.
Jensen, J.A., Wakefield, L., Cobbs, J.B. and Turner, B.A., 2016. Forecasting sponsorship costs: marketing intelligence in the athletic apparel industry. Marketing Intelligence & Planning, 34(2), pp.281-298.
Laing, B.Y., Mangione, C.M., Tseng, C.H., Leng, M., Vaisberg, E., Mahida, M., Bholat, M., Glazier, E., Morisky, D.E. and Bell, D.S., 2014. Effectiveness of a smartphone application for weight loss compared with usual care in overweight primary care patients: a randomized, controlled trial. Annals of internal medicine, 161(10_Supplement), pp.S5-S12.
McGrath, M.J. and Scanaill, C.N., 2013. Wellness, fitness, and lifestyle sensing applications. In Sensor Technologies (pp. 217-248). Apress, Berkeley, CA.
Michaels, C.N. and Greene, A.M., 2013. Worksite wellness: increasing adoption of workplace health promotion programs. Health promotion practice, 14(4), pp.473-479.
Rodrigues, J.J., De La Torre, I., Fernández, G. and López-Coronado, M., 2013. Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of medical Internet research, 15(8).
Romanosky, S., Hoffman, D. and Acquisti, A., 2014. Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), pp.74-104.
Sametinger, J., Rozenblit, J., Lysecky, R. and Ott, P., 2015. Security challenges for medical devices. Communications of the ACM, 58(4), pp.74-82.
Zhou, W. and Piramuthu, S., 2014, June. Security/privacy of wearable fitness tracking IoT devices. In Information Systems and Technologies (CISTI), 2014 9th Iberian Conference on (pp. 1-5). IEEE.