Real World Risk Management Practical HR Resources

Why Your Organization Needs A Security Breach Notification Plan

Facebook has stated that it will not notify the 533 million users who had their personal data accessed in a data breach occurring before August 2019.

Business Insider reported that the stolen data was recently made public in a database on an amateur hacking forum. The stolen user data includes phone numbers, full names, locations, some email addresses, and other profile information.

The data breach affected users in 106 countries.

Facebook stated in a blog post that hackers exploited a vulnerability in a feature that allowed users to find each other by phone number. The feature is no longer being used on the platform.

Facebook reported that it found and fixed the problem in August 2019 and that cybercriminals can no longer use the same method to steal data.

According to a spokesperson for Facebook, the organization decided not to notify users because it is not confident which users need to be notified and the stolen information did not include financial or health information or passwords. In addition, the information was publicly available and users could not fix the issue themselves.

However, according to security experts, the data leak still leaves Facebook users vulnerable. The founder of CyberScout said that phone numbers are a universal identifier and it creates danger for people when their phone number is public.

For example, two-factor authentication frequently relies on phone numbers to verify a person's identity. Emma Bowman "After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users" npr.org (Apr. 09, 2021).

Commentary

Organizations must follow all applicable security breach notification laws if hackers access personal data stored on their networks belonging to employees, customers, or other third parties.

All 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have security breach notification laws requiring private and governmental entities to notify individuals of security breaches involving personally identifiable information.

In general, security breach notification laws specify who must comply, what constitutes “personal information” and a “data breach,” how notifications must be made, and exemptions. NCSL “Security Breach Notification Laws” www.ncsl.org (Apr. 15, 2021).

Familiarize yourself now with the laws in any state in which you operate and create a security breach notification plan that adheres to all requirements. Being prepared ahead of time for a data breach is essential to react in a timely manner and avoid violating the law.

Moreover, certain industries, like healthcare, have additional compliance requirements regarding security breaches.

Visit the National Conference of State Legislatures’ website for the security breach notification laws in each state.
