How to decode a data breach notice
By Zack Whittaker
May 19, 2020
Over the years I’ve seen hundreds, probably thousands, of data breach notifications warning that a company’s data was lost, stolen or left online for anyone to grab. Most of them look largely the same. It’s my job to decode what they actually mean for the victims whose information is put at risk.
Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed.
But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?