False Alarm!!

Did I get your attention? Good because we are about to travel in time and you probably were a victim of this incident. In case you’re wondering, there was no breach at netlogx. Your information is completely secure! Is it?

Imagine a time where an important company that has confidential information from every person that happens to have a social security number, credit cards and anything that should be completely secured, is exposed in a breach. On this breach, not only your whole identity is compromised, but the information of all the people you care about as well. Would you be prepared for this situation? If your answer to this question is no, don’t feel bad because you probably form part of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax.

Equifax Breach

On 2017, there was a breach that lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada, too. However, Equifax reported recently that the breach is still going on, and 4.9 million consumers were added to the list of people affected by this attack for a total of 147.9 million consumers. Now, after seeing this situation, if netlogx were to be a victim of a breach, should this incident be reported to law enforcement?

Why It Shouldn’t

Companies should be compelled to fix vulnerabilities as quickly as possible and quietly especially when they are stewards of our personally identifiable data or digital assets. After the vulnerability is fixed, it must be reported. Let’s keep in mind by reporting this before the problem is fixed, the news would make the information viral and the hackers will stay ahead of the game making the situation more complicated. Equifax even profited from the hack by selling identity protection services after the fact. The law varies from state to state on reporting requirements, and some states like South Dakota and Alabama don’t have a law in place. This is a problem and should be addressed at the federal level.

Why It Should

All security incidents should be reported to the law enforcement because stolen personal information is not something to take lightly. Going back to the case of Equifax, consumers can infer that Equifax did not handle the issue in a timely fashion because the breach occurred in May and did not end until July which shows that they really did not try their best to stop this mess from happening. Yet, people still were getting affected. By having law enforcement involved, if the breach escalates to another level, at least there is federal coverage and evidence to protect the company’s policy in case an employee wants to sue the company for not being secured enough or by having hackers involved in an act of terrorism asking for money or other things of their interest to affect the company big time and at great exposure.

My Opinion

I believe that everything must be reported to law enforcement. However, taking into consideration that companies get cyber-attacked daily and some of these companies are having a breach without even knowing, there should be a procedure to follow before reporting a breach. Every company must have an IT team and, depending on the level and amount of important data this company possesses, the IT team should have people with the specialty in Cyber Security. The Cyber Security IT team members should have a deadline to fight against this breach. Let’s say that one month is the time limit before reporting the breach; if they couldn’t solve it, I believe the company should contact a private company to help the IT team solve this problem. After the problem is fixed, a report should be made stating that the company was a victim of a breach. If it wasn’t solved with the extra help, ask for federal help. All in all, there’s no way to predict that data is super secure because a breach is like a cancer; you don’t see it, you don’t feel it, but when you finally notice something is wrong, it already has caused a considerable damage that may take substantial time, effort and dedication to fix.