DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How Data-Breach Hype Undermines Your Security

Posted on March 12, 2015 by Dissent

Sue Marquette Paremba takes the media out to the wood shed for reporting on breaches in ways that repeat false claims of “sophisticated” attacks and that may  leave us thinking that there’s nothing we can do to protect ourselves or better secure data we are responsible for:

Some media outlets called last month’s data breach at health-insurance company Anthem, which resulted in the theft of highly sensitive personal information pertaining to up to 80 million people, a “sophisticated attack.” However, later reports showed that weak authentication had let hackers into the database, and that a lack of proper encryption had allowed the personal information to be shared.

In a similar breach in 2014 at Community Health Systems, the company said the attackers “used highly sophisticated malware and technology.” It turned out the hackers had actually exploited the simple, very fixable Heartbleed bug, which had been widely known for months.

Read more on Tom’s Guide.

I hope more journalists covering breaches in the mainstream media read Sue’s article.

Category: Commentaries and Analyses

Post navigation

← Hospital worker: Ex-husband’s email snooping violated patient rights
Fear of data breaches leads 21% of patients to withhold information from physicians →

1 thought on “How Data-Breach Hype Undermines Your Security”

  1. IA Eng says:
    March 12, 2015 at 11:33 am

    Yep, most are a crock. I see alot of password re-use, a simple spear-phishing attack, a social engineering method – all common style attacks that work without much effort on the crook’s side.

    On the good side – insecure security practices, lack of attention to detail, failure to follow standard operating procedures – or the lack of having them, insider threats and the list goes on.

    Another thing that has always bothered me is the lax attitude about “taking security seriously”. Most companies will ride that gravy train until something happens. Then, when an incident occurs, they will try to rely on any insurance plans to help bail them out.

    With Anthem, Old habits die hard. They have had at least one other reported breach in the past. So they change their name and try again, in hopes that all will get better over time, Again, old habits die hard and they get breached again. Somehow, I think this is not the end of their data breach demise. I personally don’t see the issue getting better at all. I don’t see Anthem hiring any IT security pros to protect the data they have been responsible for. So, instead they will have some agency come in, speak greek to the untrained stafff, and the agency will leave, while the clueless remain. The Anthem crew breach issue continues to this day. They apparently have little answers to big issues and do not have a simple SOP for the cannon fodder manning the complaint lines. I am sure they are crosing fingers and for another epic breach so they can be – pun intended – “#2” on the list.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.