Scenario S-009 - Personal Data Leakage

Element	Description
Scenario ID	S-009
Target asset	Identity Management Platform / LDAP directory storing user accounts and personal data
Threat source	External attacker or malicious insider with network access
Attack vector	Unauthorized bulk data extraction, directory dump, or exfiltration of PII
Potential impact	Violation of GDPR, leakage of personal data, reputational damage
Likelihood	🟨 Medium - LDAP services are reachable from internal hosts and bulk exports are feasible if controls are weak
Impact rating	🟥 High - personal data exposure may result in heavy regulatory fines and loss of trust
Risk rating	🟥 High

Mitigation:

Owners:

Sec - monitoring, detection, compliance enforcement.
Ops - network segmentation, LDAP patching, and access controls.
Dev - ensure applications query LDAP securely and do not store sensitive data in clear-text.

References:

ISO 27001 - Control 5.1 Policies for information security.
ISO 27001 - Control 8.2 Privileged access rights.
ISO 27001 - Control 8.3 Information access restriction.
ISO 27001 - Control 8.16 Monitoring activities.
NIST CSF - PR.AC Access Control.
NIST CSF - PR.DS Data Security.
NIST CSF - DE.CM Continuous Monitoring.
GDPR - Art. 5 Principles relating to processing of personal data.
GDPR - Art. 32 Security of processing.
GDPR - Art. 33 Notification of a personal data breach to the supervisory authority.
GDPR - Art. 34 Communication of a personal data breach to the data subject.
EBIOS RM - Threat scenarios modeling for personal data exposure and PII compromise.

Response actions:

Containment - isolate LDAP host, revoke compromised accounts.
Investigation - determine volume and type of exfiltrated data.
Notification - report breach to supervisory authority (Art. 33 GDPR) and affected users if high risk (Art. 34).
Remediation - rotate credentials, enforce stricter access controls, review audit logs, and update monitoring rules.