How to decode a data breach notice

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2020/05/19/decoding-data-breach-notice/

By Zack Whittaker
TechCrunch.com
May 19, 2020

Over the years I’ve seen hundreds, probably thousands, of data breach
notifications warning that a company’s data was lost, stolen or left online for
anyone to grab.

Most of them look largely the same. It’s my job to decode what they actually
mean for the victims whose information is put at risk.

Data breach notifications are meant to tell you what happened, when and what
impact it may have on you. You’ve probably already seen a few this year. That’s
because most U.S. states have laws that compel companies to publicly disclose
security incidents, like a data breach, as soon as possible. Europe’s rules are
stricter, and fines can be a common occurrence if breaches aren’t disclosed.

But data breach notifications have become an all-too-regular exercise in crisis
communications. These notices increasingly try to deflect blame, obfuscate
important details and omit important facts. After all, it’s in a company’s best
interest to keep the stock markets happy, investors satisfied and regulators off
their backs. Why would it want to say anything to the contrary?

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_