Who Reports Data Breaches?

Data breaches are becoming (almost) commonplace. It seems that major new public and private sector data breaches are announced every week — if not most days.

Most states have laws mandating the public disclosure of data breaches where personally identifiable information (PII) is at risk. You can see the details of those laws at this National Council of State Legislatures (NCSL) website.

I brought this topic up over three years ago, and explored the need for some type of “data breach Richter scale,” and other writers and media organizations like SC magazine have agreed with me. And yet, the data breach problem has only become worse over the past 36 months.

In South Africa, a recent headline proclaimed: Another day, another data breach. Here’s an excerpt:

“Like millions of South Africans, I was jolted out of my Sunday morning snooze by an SMS from Liberty, telling me that its data had been hacked. As limited information about the attack has slowly filtered out, it has only served to raise more questions than answers.

If it was “largely” emails and attachments, whose emails and what attachments — and does this mean my bank statements and medical records are in the hands of cyber-extortionists?

The same is true of several major data breaches that have hit South Africa in recent months, such as the infamous masterdeeds breach that left more than 60-million South Africans’ personal records openly accessible over the internet.

But ultimately, what has been most disturbing about the Liberty attack hasn’t been the lack of concrete information or the intense speculation about how the attackers managed what they did in the first place.

What has been most alarming for me as a consumer is the reality that, in practical terms, there is currently little recourse for South Africans (Read more...)

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/who-reports-data-breaches.html