How to decode a data breach notice – TechCrunch - Deepstash


techcrunch.com

“We take security and privacy seriously.”

Read: “We clearly don’t.”

A phrase frequently featured in data breach notifications.

The reality is that most companies have shown little compassion or care about the privacy or security of your data, but do care about having to expl...

“We recently discovered a security incident…”

Read: “Someone else found it but we’re trying to do damage control.”

When a company says they’ve “recently discovered” a security incident, ask who actually reported the incident.

All too often it’s a reporter who’s reached ...

“An unauthorized individual…”

Read: “We don’t know who’s to blame, but don’t blame us.”

If a system was exposed or left online without a password, you’d blame the company for lax secur...

“We took immediate steps…”

Read: “We sprung into action… as soon as we found out.”

In a lot of cases, most hackers are long gone by the time a company learns of a breach. When a company says it took immediate steps, don’t assume it’s from the moment of the breach.

“Our forensic investigation shows…”

Read: “We asked someone to tell us how f**ked we are.”

Some companies use the term “forensics” loosely. Internal investigations are not transparent or accountable, and their outcomes are rarely scrutinized or published.

However, inci...

“Out of an abundance of caution, we want to inform you of the incident.”

Read: “We were forced to tell you.”

Don’t think for a second that a company is doing “the right thing” by disclosing a security incident. In the U.S. and Europe, companies aren’t given a choice.

Most states have some form of...

“A sophisticated cyberattack…”

Read: “We’re trying not to look as stupid as we actually are.”

Just because a company says it was hit by a “sophisticated” cyberattack doesn’t mean it was. It’s hyperbole, designed to serve as a “cover your ass” statement to downplay a security incident. Wh...

“There is no evidence that data was taken.”

Read: “That we know of.”

“No evidence” doesn’t mean that something hasn’t happened; it means that it hasn’t been seen yet. Either the company isn’t looking hard enough or it doesn’t know. Even if a company says it has “no evidence” th...

“A small percentage of our customers are affected.”

Read: “It sounds way worse if we say ‘millions’ of users.”

The next time you see a data breach notification that says only a “small percentage” of customers are affected by a breach, think again.

Houzz admitted
