DataBreaches.Net

How to Respond to a Data Breach – and Then Some

Posted on February 8, 2011 by Dissent

George Hulme recently wrote about an anticipated WikiLeaks exposure of Bank of America files and used Bank of America’s attempts to prepare for the disclosures as an opportunity to discuss how to respond to a breach. George writes, in part:

The idea isn’t to bury the news, or prepare executives how to lie, but to proactively deal with any potential reverberations from such a bunker-busting breach as quickly and efficiently as possible.

“When you’ve been hacked, and you know it’s coming, the worst thing to do would be to ignore it,” says Matt Kucharski, senior vice president at the Minneapolis-based public relations firm Padilla Speer Beardsley.

[…]

Kucharski says once an incident is underway, best practice response calls for four strategic prongs: assess, make a plan of action and the execution of that plan, communication, and an evaluation of how the plan went, or is going.

Read more on ThreatPost.

I don’t completely agree with George’s statement that most of the lasting impression isn’t going to be how the breach occurred. When a breach involves a laptop with unencrypted sensitive information being stolen from an employee’s car, the entity’s customers or employees will be left with a negative impression no matter how good the follow-up and communication are. Perhaps the only thing a company can do in that scenario to win back its users’ fuller confidence is to fire the employee and make it clear that any employee who violates security policies does get fired.

I would add the following recommendations on communication following a breach:

  • Be upfront about the number of people affected.
  • Be upfront about how the breach occurred.
  • Be upfront about when – and how – you discovered the breach.
  • Offer the customers free services if the data involved are such that their risk of ID theft or fraud is now increased – however small you think or desperately wish to believe the risk is.
  • Those affected do not need false platitudes and reassurance. They need information and solid advice not to take any chances. There is no place for stupid statements like, “We have no evidence to believe that your data have been misused.” Data can first be misused months or even years later. A company’s attempt to downplay the seriousness of a breach in a misguided attempt to protect its reputation may lead to people not taking steps to protect themselves from the increased risk they now face.
  • Set up a dedicated phone line with trained professionals to assist people who want to call for more information or help. Have the phone line open on evenings and weekends for the first month after the notification.
  • Post a notice on your web site with a prominent link from the home page.
  • Don’t be afraid to talk to reporters or bloggers. While we are out to get the story and details, don’t assume that whatever we write will hurt your reputation. If you’re handling things well, you might even wind up with positive press.
Category: Commentaries and Analyses


2 thoughts on “How to Respond to a Data Breach – and Then Some”

  1. marianc says:
    February 8, 2011 at 12:47 pm

    So your solution is to find a scapegoat to hang and that is supposed to restore public confidence?

    It’s far more important to assess the policies and procedures that allowed such an incident to happen. Who is responsible for making sure that mobile devices are encrypted? The end user? No. The CIO’s office, where there should be an adequately trained and qualified CISO in charge. Who is responsible for training end users on proper security procedure? Who is responsible for setting the policy governing the proper handling and storage of mobile devices?

    If an organization has the right policies in place and enforces them, the proverbial stolen unencrypted laptop should never be able to happen. Blaming the hapless employee who had the misfortune to misplace the device is no solution. All it does is deflect the blame from where it belongs: on management.

    1. admin says:
      February 8, 2011 at 1:36 pm

      I was referring to those situations in which management has the right policies in place but the employee violated the policy. Yes, you can argue that management should be ensuring that policies are followed and I agree with that, but really, at some point, if the employee knows he’s not supposed to leave his laptop in his car and leaves it there anyway, he should be fired. And in those situations, that’s what I think the company needs to do and to tell those affected. And if it turns out that the problem was with management, well, then, maybe management needs to be fired.

      If the right policies and procedures weren’t in place, then that’s a different story and the focus is on revising policies and procedures to prevent recurrence.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.