top of page
ODB top page2.jpg

Case study : Data Breach Response

UX/UI project

Duration : 4 weeks

Team project : 4 UX designers

optus letter.jpg

Context :

​

   The Australian company of telecommunication Optus experienced a data breach. In response to this problem, GA students had to design a solution to help users in the process of changing their personal details

Goals :

​

   Develop habits in working as a team, manage timeline and task-splitting to improve efficiency

​

UI challenge :

​

   Try to use responsive design on Figma

Tools : Task management : Trello

           Communication : Slack

           Design : Figma

RESEARCH

SYNTHESISE

After having synthesised the interviews answers through an affinity mapping, we identified 3 main bullet points mentioned by users

ODB - problem statement background 1.jpg

INFORMATION DELIVERY

Some customers learned in the news that they had a risk to be victims of this cyber attack and received the information from Optus only few days after. Learning this bad news like that caused a feeling of frustration to some users who felt left on their own

ODB - problem statement background 1.jpg

COMMUNICATION METHODS

The second main pain point mentioned by users was the lack of clarity and consistency regarding the messages they received from the telco company. Consequently, their questions such as "Have I been affected?" or "Hoe to replace my compromised documents?" remained without any answer, creating anxiety and disappointment.

EDUCATION & PROTECTION

Finally, more than healing a disease, isn't it more effective to prevent it? For many users, cybersecurity is not their priority and don't have enough knowledge to know what to do to protect themselves against hackers.

TASK FLOW

To have a better understanding of users' issues regarding the obtention of updates concerning their personal informations and the process of how to replace them, we established the current task flow :

1st email : Notification

ODB - task flow 1.jpg

2nd email : Confirmation

Optus website : More information

ODB - task flow 2.jpg
ODB - task flow 3.jpg

VicRoads : More information

ODB - task flow 4.jpg

VicRoads : More information

ODB - task flow 5.jpg

VicRoads : Update on license replacement

ODB - task flow 6.jpg

PERSONAS

Based on our user interviews and accordingly with the situation of hacking data, we created 2 personas which could be identified as the 2 main categories of people we interviewed, responding to different feelings, issues and goals/needs

Scenario : Ashley found out about the Optus data breach via online news. She felt concerned as there was no further information so she tried to contact Optus via phone and felt disappointed as she received a generic message. She couldn't find out what personal information was affected until a 2nd email from Optus a week later. Then she followed the directions via email to flag a drivers license replacement.

Scenario : Alex found out about the data breach in watching the news. He felt angry knowing that his personal data was not secure. After receiving 2 emails from Optus with inconsistent information, he visited in-store to clarify which information was breached. His drivers license was compromised and a new license was needed. Satisfied to finally get informations, Alex still felt anxious, wondering what future issues may arise

PROBLEM STATEMENTS

The 2 first problem statements are more related to Ashley, the tech savvy persona because it is more specific to the issue of finding and collecting information about the compromised documents and quickly solve this problem in changing these details. However, these problem statements could also be applied to someone with less knowledge in IT.

​

Alex's main concern is caused by his ignorance in cybersecurity, and would like to know how to protect his data instead of having to change them, to feel safer and reassured

ASHLEY NEEDS SIMPLE WAYS TO FIND OUT WHICH OF HER PERSONAL DOCUMENTS HAVE BEEN AFFECTED

ASHLEY NEEDS QUICK WAYS TO REPLACE HER PERSONAL DOCUMENTS AFFECTED

ALEX NEEDS WAYS TO LEARN HOW TO PROTECT HIS PERSONAL INFORMATION

SURVEY

Furthermore, and helped with the result of our research, it appeared that this project reminded us a medical case. This analogy can be explained by :​

  • The feelings of users were very similar to the ones felt by patients developing unexplained symptoms (anxiety, stress, frustration, lack of understanding,...)

​

  • The solving process looks like the same as "Finding out" would be the diagnostic, "replacing" would be like healing and "educating" the prevention

We surveyed 12 affected customers to find out which problem(s) was the most important for them. Here is what we learned :

​

  • The most important problem for them is to find out which one(s) of their personal details have been hacked. That was the answer of 5 users. Then 4 answered said that the main problem was to replace the affected documents, and 3 preferred to be educated in first.

​

  • The 2 other problems should be addressed as equal as the second part of the survey was a question about the least important problem. The result came back with an equal result for the second and third problems.

For these reasons, it has been hard to choose to solve only one problem as we considered them as parts of well-being/feeling method

IDEATION

USER FLOWS

Current user flows

​

We developed this user mixing tasks, extracting feelings and pain points creating opportunities to solve them, for both of our personas

ODB - detailed user flow.jpg
ODB - detailed user flows opportunities.jpg

Future user flows

After having identified the pain points in the first user flows, we proposed other paths in response to these problems in a kind of hub

future user flow1.jpg

Ashley needs simple ways to find out which of her personal documents have been affected

future user flow2.jpg

Ashley needs quick ways to replace her personal documents affected

Alex needs way to learn how to protect his personal informations

future user flow3.jpg

SKETCHES

ODB - sketches.jpg

CHOICE OF SUPORT : MYGOV

mygov app homepage2.jpg

After several brainstormings trying to find out which support would be the best for our solution, we finally took the decision to use the MyGov application/website as a base of development for this project, for few reasons :

​

  • Security is one of the most important feeling we want to install in users' minds, and by the process of connecting with a code sent by text added to the usual username/password, it becomes hard for hackers to get into someone's account.

​

  • It's used by pretty much everyone living in Australia (and not only citizens)

​

  • It's already been used by the Government for the Covid-19, but also for floods and other emergency plans to help people. It is a great support for collecting, centralising and delivering important information, and communicating between the Government and people

MID-FIDELITY PROTOTYPE

ODB - b&w wireframes1.jpg
ODB - b&w wireframe2.jpg
ODB - b&w wireframe3.jpg
ODB - b&w wireframe4.jpg
ODB - b&w wireframe5.jpg
ODB - b&w wireframe6.jpg

Helped by our sketches and the existing design of MyGov, we designed a first set of greyscale mid-fidelity wireframes and conducted a round of usability testing, only focused on the interactivity to complete the paths of the features we added to the original app.

FINAL PROTOTYPE

USABILITY TESTING AND FEEDBACK

We conducted 2 rounds of usability testing with 9 and then 11 people.

2 main issues have been mentioned by testers :

Issue 1

Tracking the replacement document status was complicated and confusing for the user to locate

Solution 1

  • Simplified Navigation bar

  • Changed "Dashboard" to "My account"

  • Added "Track" in menu bar

  • Added "Track progress Status" CTA

Issue 2

ODB - feedback2 1.jpg
ODB - feedback2 2.jpg

Information on how to protect yourself was not helpful enough, but served more as a reaction to the data breach that happened

Solution 2

  • Removed latest cyber security alert as it is not related to protection

  • Removed password security information

  • Updated information about "hoe to protect yourself"

  • Focused on warning signs of identity theft and how to act on it

FINAL PROTOTYPE

Here is the video of the recording of our final prototype on Figma!

SOLUTION STATEMENTS

ASHLEY NOW HAS A SIMPLE WAY TO FIND OUT WHICH OF HER PERSONAL DOCUMENTS WERE AFFECTED ON MYGOV, SO SHE CAN GET A REPLACEMENT QUICKLY

BY HAVING ALL NECESSARY LINKS TO DIFFERENT SERVICES ON MYGOV, ASHLEY NOW HAS QUICK WAYS TO REPLACE HER PERSONAL DOCUMENTS AFFECTED BY THE DATA BREACH SO SHE CAN PREVENT IDENTITY THEFT WITH THE LEAST EFFORT

BY PROVIDING INFORMATION ON HOW TO RECOGNISE IDENTITY THEFT AND HOW TO ACT ON IT, ALEX NOW HAS WAYS TO LEARN MORE ABOUT PROTECTING HIS PERSONAL INFORMATION SO HE CAN FEEL SAFE AND MOVING FORWARD

  This high fidelity prototype is a solid solution to represent ways to support Optus customers and people for future data breaches as our three problem statements have now been solved, but we can refine it in iterating the process of usability testings and feedback loop. We can also verify the tracking button for more improvement if necessary.

​

   Also, if MyGov website and application are updated, the design system set on the prototype Figma file allows us to easily change the design.

bottom of page