The data breach notification is intended to inform you of what happened, when, and how it affects you. Some states have laws that require companies to disclose information about security incidents as soon as possible, such as data breaches. The next time you receive a data breach notification, please read between the two lines.
The reality is that most companies seldom sympathize or worry about the confidentiality or security of data, but they worry about explaining to customers that their data has been stolen.
“We recently discovered a security incident …”
When a company said that it had “recently discovered” a security incident, I asked who actually reported the incident.
“Unauthorized person …”
For example, if a responsible security researcher discovers an unprotected system and reports it, there is no reason to call it an attacker. Businesses like to blame you, so please stay open.
“We immediately took measures … “
In many cases, when the company finds violations, most of the hackers no longer exist. When a company claims to have taken immediate action, please do not think that it has happened since the violation. Equifax said it would “take immediate action” to stop the intrusion. As a result, hackers stole nearly 150 million consumer credit records.
“Our forensic investigation revealed …”
Interviewees can help you understand how an intrusion or data breach occurred. This helps companies collect online insurance and prevent such violations from happening again. But some companies use the term “forensics” poorly. “For prevention, we hope to inform you of this incident.
Most states have data breach notification laws that require companies to disclose incidents that affect a certain number of residents and superiors. Looking at Yahoo, Yahoo was fined $ 35 million for U in 2018.
“Complex cyber attack …”
The fact that the company claimed to have been subjected to “complex” cyber attacks does not mean that it happened. This is an exaggerated design, designed to act as a cover-up statement to minimize security incidents. In fact, this indicates that the company does not know how the attack occurred. “There is no evidence that the data has been obtained.
The company doesn’t look hard enough or knows nothing about it. Even if the company claims “no evidence” to prove that the data was stolen; it is worth asking how they came to this conclusion. The next time you see a data breach notice that only a small percentage of customers are affected, please take a minute to think about what this actually means. House admitted in January 2019 that a data breach occurred, saying that “ some of our user data has been stolen ”.