The correct answer is C because the scenario explicitly affects all three core security properties at once. Customer records were exposed, which means confidentiality was lost. Stored data was modified without authorization, which means integrity was compromised. Access to critical systems was disrupted, which means availability was affected. This three-part impact is the classic confidentiality, integrity, and availability model that underpins organizational information security analysis. CHFI v11 includes the impact of cybercrimes at the organizational level and expects candidates to identify not only business consequences, but also the underlying security principles directly harmed by an incident. The other choices describe real downstream effects, such as theft, reputational harm, and financial disruption, but they are consequences rather than the most direct information-security impact demonstrated by the facts in the question. In exam reasoning, when a single incident simultaneously exposes data, alters it, and interrupts access, the most accurate answer is the loss of confidentiality, integrity, and availability of information stored in organizational systems. That is the clearest conceptual match to the evidence described.