Data Breaches, a 3-part Series Breaking Breach Secrecy, Part 1

Corporations Need to Publicize Breaches

By Robert E. Holtfreter, Ph.D., CFE, CICA

Corporations are deathly afraid of data breaches, but they need to proactively protect themselves and be frank with consumers when they are attacked. Here is help for counseling your organizations or clients.   

data-breachIn a relatively recent data breach case, The Associated Press informed a young college student from Suwanee, Ga., that his personal data, including his Social Security number, were stolen from Metro City Bank when hackers breached the bank's security system. The student, Yoon-Kee Kong, had opened an account with the bank about a month earlier.

The AP got Yoon's name from Prevx, a U.K.-based security firm that successfully had infiltrated a hacker's website operating out of the Ukraine. The website had been serving as a trove, or a stash house, that hackers use to retrieve stolen personal data. This particular trove held personal data from 160,000 infected computers and was adding data from 5,000 newly infected computers every day. What is even more alarming is that it took the Internet service provider nearly a month to shut down the hacker's website.

Reluctant to talk with media, the bank released a statement that it was going to notify its customers and investigate the breach, according to the March 16, 2009, USA Today article, "Cybercrooks' website spotlights extent of identity theft."

Corporations often fail to disclose data breaches or try to minimize their impact. Unfortunately, this unethical behavior often fuels even more breaches.



For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.