This document discusses hacking and ethical hacking. It provides an overview of different types of hackers (white hat, black hat, grey hat) and defines ethical hacking as hacking performed to help identify security vulnerabilities. It then presents a case study about a data breach at AAPT where a hacker group accessed customer data. An investigation found that AAPT failed to take reasonable security measures to protect the data, such as using an outdated version of software with known vulnerabilities. As a result, the commissioner recommended steps for AAPT to improve its security practices and audit processes.