A threat action where the critical data is directly provided to an unauthorized user.

This includes the following:

• Deliberate exposure: Planned way of providing critical data to an unauthorized user
• Scavenging: Scanning through leftover data in a system to gain unauthorized access to sensitive data
• Human error: This involves human interaction that unintentionally results in a user gaining access to sensitive data
• Hardware/software error: An attacker creates the failure of a service or hardware component in the hope of gaining system access