BreachExchange mailing list archives

Is A Data Breach A Life Or Death Situation?


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Dec 2012 00:20:57 -0500

http://datalossdb.org/incident_highlights/55-is-a-data-breach-a-life-or-death-situation

2012-12-13 by eabsetz

Most people would agree that security is important; however, many
would have a hard time saying that a data breach could be a life or
death situation. Sadly, in the past few weeks there have been two
cases that may qualify for that characterization in the news.

The first case is the data breach at King Edward VII Hospital on
December 4, 2012. Two Australian radio show hosts prank called the
hospital in a joking attempt to get information on the condition of
the Duchess of Cambridge. To their surprise, the nurse who answered
the phone fell for the hoax and provided them with information on the
Duchess's condition and care. Last Friday, Jacintha Saldanha, the
46-year-old nurse who provided the information, committed suicide just
two days after news of the breach was released.

The second case involves a data breach that occurred September 28,
2012 at the University of Georgia. A former student gained
unauthorized access to a server containing 8,500 former and current
employees' names, Social Security numbers, and other sensitive
information. Still in the midst of the investigation, police announced
on Tuesday that Charles Stapler Stell, the 26-year-old behind the data
breach, had passed away, with no indication of foul play and most
likely as the result of suicide.

In these two cases, the data breaches and their consequences appeared
to have pushed these individuals into a life or death decision. As the
importance of privacy and security breaches increases, we have now
seen there are potential ramifications to the people involved, more
than just notification and credit monitoring.

As breaches unfortunately become more commonplace, organizations
impacted should ensure that they have not only a response plan for
dealing with the incident, but also a plan for constructively handling
any employees at fault. While discipline from HR may be on the agenda,
organizations need to ensure the wellbeing of their employees as they
process their actions.

References:
http://www.bizjournals.com/atlanta/news/2012/12/11/uga-dead-former-student-responsible.html
http://www.telegraph.co.uk/news/9730305/Statement-from-the-King-Edward-VIIs-Hospital-on-the-death-of-nurse-Jacintha-Saldanha.html