Report Data Breaches
by Brent Kirkpatrick
(Date Published: 4/2/2018.)
Some companies, such as Equifax, seem to think that they can avoid reporting until after a forensics expert discovers how the hack was performed. This is like waiting until after a trial to protect a victim. Just like some victims never find justice, due to a lack of evidence, many successful hacks leave few forensics traces. To wait until after detailed evidence is discovered is unconscionable.
Six months after they were hacked, Equifax continues to issue more data breach notices, now saying that 147.9 million records of personal information were stolen. They are not discovering more hacked computers, rather they are waiting for forensics efforts to demonstrate that records were transferred off the hacked computers. Equifax is not trying to protect its customers. It is a company working to save its image.
Whenever a computer is breached, the breach must be reported to the owners of the sensitive data on the machine. The only way to avoid issuing breach reports is if there was no sensitive data on the hacked computer.
defendIT (TM). AI-driven security measures derived from security incident data.