How to respond to a data breach

I cover a lot of data breaches. From inadvertent exposures to data-exfiltrating hacks, I’ve seen it all. But not every data breach is the same. How a company responds to a data breach – whether it was their fault – can make or break its reputation.
I’ve seen some of the worst responses: threats, and there isn’t a problem at all. In fact, some companies claim they take security “seriously” when they clearly don’t, while other companies see it merely as an exercise in communications.
But once in a while, a company’s response almost makes up for the daily deluge of hypocrisy, obfuscation and downright lies.
Last week, Wireless, a U.S. cell carrier that provides free government-subsidized cell phones and plans to low-income households, had a security lapse that exposed tens of thousands of customer IDs – driver’s licenses, passports and Social Security cards – used to verify a person’s income and eligibility.
A misconfigured plugin for resizing images on the carrier’s website was blamed for the inadvertent data leak of customer IDs to the open web. Security researcher Wethington found the exposed data through a simple Google search. He reported the bug to TechCrunch so we could alert the company.
Make no mistake, the bug was bad and the exposure of customer data was far from ideal. But the company’s response to the incident was one of the best I’ve seen in years.
Take notes, because this is how to handle a data breach.
[b]Their response was quick.[/b] Assist immediately responded to acknowledge the receipt of my initial email. That’s already a positive sign, knowing that the company was looking into the issue.

