
Case study : Data Breach Response
UX/UI project
Duration : 4 weeks
Team project : 4 UX designers

Context :
​
The Australian company of telecommunication Optus experienced a data breach. In response to this problem, GA students had to design a solution to help users in the process of changing their personal details
Goals :
​
Develop habits in working as a team, manage timeline and task-splitting to improve efficiency
​
UI challenge :
​
Try to use responsive design on Figma
Tools : Task management : Trello
Communication : Slack
Design : Figma
RESEARCH



SYNTHESISE
After having synthesised the interviews answers through an affinity mapping, we identified 3 main bullet points mentioned by users

INFORMATION DELIVERY
Some customers learned in the news that they had a risk to be victims of this cyber attack and received the information from Optus only few days after. Learning this bad news like that caused a feeling of frustration to some users who felt left on their own

COMMUNICATION METHODS
The second main pain point mentioned by users was the lack of clarity and consistency regarding the messages they received from the telco company. Consequently, their questions such as "Have I been affected?" or "Hoe to replace my compromised documents?" remained without any answer, creating anxiety and disappointment.

EDUCATION & PROTECTION
Finally, more than healing a disease, isn't it more effective to prevent it? For many users, cybersecurity is not their priority and don't have enough knowledge to know what to do to protect themselves against hackers.
TASK FLOW
To have a better understanding of users' issues regarding the obtention of updates concerning their personal informations and the process of how to replace them, we established the current task flow :
1st email : Notification

2nd email : Confirmation
Optus website : More information


VicRoads : More information

VicRoads : More information

VicRoads : Update on license replacement

PERSONAS
Based on our user interviews and accordingly with the situation of hacking data, we created 2 personas which could be identified as the 2 main categories of people we interviewed, responding to different feelings, issues and goals/needs

Scenario : Ashley found out about the Optus data breach via online news. She felt concerned as there was no further information so she tried to contact Optus via phone and felt disappointed as she received a generic message. She couldn't find out what personal information was affected until a 2nd email from Optus a week later. Then she followed the directions via email to flag a drivers license replacement.
Scenario : Alex found out about the data breach in watching the news. He felt angry knowing that his personal data was not secure. After receiving 2 emails from Optus with inconsistent information, he visited in-store to clarify which information was breached. His drivers license was compromised and a new license was needed. Satisfied to finally get informations, Alex still felt anxious, wondering what future issues may arise

PROBLEM STATEMENTS
The 2 first problem statements are more related to Ashley, the tech savvy persona because it is more specific to the issue of finding and collecting information about the compromised documents and quickly solve this problem in changing these details. However, these problem statements could also be applied to someone with less knowledge in IT.
​
Alex's main concern is caused by his ignorance in cybersecurity, and would like to know how to protect his data instead of having to change them, to feel safer and reassured

ASHLEY NEEDS SIMPLE WAYS TO FIND OUT WHICH OF HER PERSONAL DOCUMENTS HAVE BEEN AFFECTED

ASHLEY NEEDS QUICK WAYS TO REPLACE HER PERSONAL DOCUMENTS AFFECTED

ALEX NEEDS WAYS TO LEARN HOW TO PROTECT HIS PERSONAL INFORMATION
SURVEY
Furthermore, and helped with the result of our research, it appeared that this project reminded us a medical case. This analogy can be explained by :​
-
The feelings of users were very similar to the ones felt by patients developing unexplained symptoms (anxiety, stress, frustration, lack of understanding,...)
​
-
The solving process looks like the same as "Finding out" would be the diagnostic, "replacing" would be like healing and "educating" the prevention
We surveyed 12 affected customers to find out which problem(s) was the most important for them. Here is what we learned :
​
-
The most important problem for them is to find out which one(s) of their personal details have been hacked. That was the answer of 5 users. Then 4 answered said that the main problem was to replace the affected documents, and 3 preferred to be educated in first.
​
-
The 2 other problems should be addressed as equal as the second part of the survey was a question about the least important problem. The result came back with an equal result for the second and third problems.
For these reasons, it has been hard to choose to solve only one problem as we considered them as parts of well-being/feeling method
IDEATION
USER FLOWS
Current user flows
​
We developed this user mixing tasks, extracting feelings and pain points creating opportunities to solve them, for both of our personas


Future user flows
After having identified the pain points in the first user flows, we proposed other paths in response to these problems in a kind of hub


Ashley needs simple ways to find out which of her personal documents have been affected


Ashley needs quick ways to replace her personal documents affected

Alex needs way to learn how to protect his personal informations

SKETCHES

CHOICE OF SUPORT : MYGOV

After several brainstormings trying to find out which support would be the best for our solution, we finally took the decision to use the MyGov application/website as a base of development for this project, for few reasons :
​
-
Security is one of the most important feeling we want to install in users' minds, and by the process of connecting with a code sent by text added to the usual username/password, it becomes hard for hackers to get into someone's account.
​
-
It's used by pretty much everyone living in Australia (and not only citizens)
​
-
It's already been used by the Government for the Covid-19, but also for floods and other emergency plans to help people. It is a great support for collecting, centralising and delivering important information, and communicating between the Government and people
MID-FIDELITY PROTOTYPE






Helped by our sketches and the existing design of MyGov, we designed a first set of greyscale mid-fidelity wireframes and conducted a round of usability testing, only focused on the interactivity to complete the paths of the features we added to the original app.
FINAL PROTOTYPE
USABILITY TESTING AND FEEDBACK
We conducted 2 rounds of usability testing with 9 and then 11 people.
2 main issues have been mentioned by testers :
Issue 1



Tracking the replacement document status was complicated and confusing for the user to locate
Solution 1



-
Simplified Navigation bar
-
Changed "Dashboard" to "My account"
-
Added "Track" in menu bar
-
Added "Track progress Status" CTA
Issue 2


Information on how to protect yourself was not helpful enough, but served more as a reaction to the data breach that happened
Solution 2


-
Removed latest cyber security alert as it is not related to protection
-
Removed password security information
-
Updated information about "hoe to protect yourself"
-
Focused on warning signs of identity theft and how to act on it
FINAL PROTOTYPE
Here is the video of the recording of our final prototype on Figma!
SOLUTION STATEMENTS

ASHLEY NOW HAS A SIMPLE WAY TO FIND OUT WHICH OF HER PERSONAL DOCUMENTS WERE AFFECTED ON MYGOV, SO SHE CAN GET A REPLACEMENT QUICKLY

BY HAVING ALL NECESSARY LINKS TO DIFFERENT SERVICES ON MYGOV, ASHLEY NOW HAS QUICK WAYS TO REPLACE HER PERSONAL DOCUMENTS AFFECTED BY THE DATA BREACH SO SHE CAN PREVENT IDENTITY THEFT WITH THE LEAST EFFORT

BY PROVIDING INFORMATION ON HOW TO RECOGNISE IDENTITY THEFT AND HOW TO ACT ON IT, ALEX NOW HAS WAYS TO LEARN MORE ABOUT PROTECTING HIS PERSONAL INFORMATION SO HE CAN FEEL SAFE AND MOVING FORWARD
This high fidelity prototype is a solid solution to represent ways to support Optus customers and people for future data breaches as our three problem statements have now been solved, but we can refine it in iterating the process of usability testings and feedback loop. We can also verify the tracking button for more improvement if necessary.
​
Also, if MyGov website and application are updated, the design system set on the prototype Figma file allows us to easily change the design.