BreachExchange mailing list archives
Is A Data Breach A Life Or Death Situation?
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Dec 2012 00:20:57 -0500
http://datalossdb.org/incident_highlights/55-is-a-data-breach-a-life-or-death-situation 2012-12-13 by eabsetz Most people would agree that security is important; however, many would have a hard time saying that a data breach could be a life or death situation. Sadly, in the past few weeks there have been two cases that may qualify for that characterization in the news. The first case is the data breach at King Edward VII Hospital on December 4, 2012. Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To their surprise the nurse, who answered the phone, fell for the hoax and provided them with information on the Duchess's condition and care. Last Friday, Jacintha Saldanha, the 46 year old nurse who provided the information, committed suicide just two days after news of the breach was released. The second case involves a data breach that occurred September 28, 2012 at the University of Georgia. A former student gained unauthorized access to a server containing 8,500 former and current employees' names, Social Security numbers, and other sensitive information. Still in the midst of investigation, police announced on Tuesday that Charles Stapler Stell, the 26 year old behind the data breach, passed away with no indication of foul play and most likely the result of suicide. In these two cases, the data breaches and their consequences appeared to have pushed these individuals into a life or death decision. As the importance of privacy and security breaches increases, we have now seen there are potential ramifications to the people involved, more than just notification and credit monitoring. As breaches unfortunately become more commonplace, organizations impacted should ensure that they not only have a response plan for dealing with the incident, but also how to constructively handle any employees at fault. While discipline from HR may be on the agenda, organizations need to ensure the wellbeing of their employees as they process their actions. References: http://www.bizjournals.com/atlanta/news/2012/12/11/uga-dead-former-student-responsible.html http://www.telegraph.co.uk/news/9730305/Statement-from-the-King-Edward-VIIs-Hospital-on-the-death-of-nurse-Jacintha-Saldanha.html _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Is A Data Breach A Life Or Death Situation? Jake Kouns (Dec 13)