Friday, June 15, 2012

Cyber Data Breaches What Is Coming

The news for the last few days has treated the LinkedIn and eHarmony password breaches as though they were a super threat. With any data breach you need to understand the issue: what was breached, and what information was exposed? If I have your password I can get into your account, right? What if I don’t know your login ID? If all I have is your password, I may not be able to do much unless there is a way to identify you or the account. If I can identify you, I can contact you to scam you out of additional information to commit my crimes. If I can identify the account, then I can log in and take over the account. The type of account will determine the damage that I can create.

When there is a breach of data, the concern is threefold.

1. Was the information enough to supply me with the data I need to create new accounts?

2. Was there enough information to allow me to sucker you into giving up more information?

3. Was it enough for me to take over the account and drain it, max it out or use it to scam others?

When a company has a data breach and does not clearly indicate what was exposed, it leaves the recipients to guess what to do. It also leaves the company somewhat exposed to legal reprisals. The timeline in a breach should be discovery, investigation, informed notice, and then proceeding with your business. The investigation should involve law enforcement, and they should be called before any repair or system fixes are started. The notice needs to be clear, concise and complete. The better these steps are done, the better for all involved.

1 comment:

  1. The very fact that confidential information was compromised is alarming. Most members of the site LinkedIn are professionals who work in companies. When employers who are well aware that their employees are active members of such a site hear about this, it causes some concern on the employer’s part. There is nothing coincidental about LinkedIn being hacked. There was a good reason why hackers chose to steal information from a pool of people who are directly affiliated to potential sources of money.

    Ruby Badcoe
