BreachExchange mailing list archives
Nationwide Insurance uses lawyers to protect details of October security breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 3 Apr 2013 10:41:57 -0400
http://www.theverge.com/2013/4/1/4170214/nationwide-insurance-covers-massive-security-breach-details-attorney-client-privilege Nationwide Insurance wants to keep possible weaknesses in its digital infrastructure under wraps as state and federal investigators look into its October security breach that left 1.1 million Americans' information exposed. The company has hired a legal firm to conduct an investigation of the security breach, granting the results the protected secrecy of attorney-client privilege, reports The Wall Street Journal. The new practice is being adopted by many companies that have fallen victim to cyberattacks, leading some law firms to begin specializing in this type of data-breach investigation. Frequently, the legal counsel will contract a data security firm to perform the actual analysis. Nationwide's move may protect it from disclosing potentially harmful findings, but it's possible that a third-party investigation — whose results would be public, not private — could still be mandated. The company's reticence comes as the US government ispushing for greater openness from private firms as the risk of a major cyberattack rises. Nationwide may decide to share information found during the investigation, but having legal counsel will allow the company to more carefully consider any findings that it wishes to publish. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Nationwide Insurance uses lawyers to protect details of October security breach Erica Absetz (Apr 03)