When there is a breach, generally the target information is sold or otherwise used for malicious purposes. For instance, if a retail establishment’s database of customers with their private, confidential information, this may be sold on the dark web. The secondary effects lie with those whose information was states. For years they have to monitor their credit reports, looking for fraud. If this occurs, the affected people are unfortunate in that they have to spend hours attempting to correct this.
A large breach occurring in the last few years involved Scottrade. The business experienced the breach in late 2013 and early 2014. A notable issue with this, other than the breach itself, was Scottrade was not aware of this until August 2015 once the FBI informed Scottrade of the breach. This level of negligence has proven not to be a confidence builder for the Scottrade InfoSec Department.
There were individuals directly affected by the breach. Initially there was a class action suit filed by the affected parties. Curiously this was dismissed. The court found that the plaintiffs, the persons whose private, confidential data had been stolen, had shown no damages. The suit was later refiled after the identity thefts began to surface.
As time passes, the legal system will likewise update itself for technology. This will take time and a shift of a mindset. Depending on the criminal, the damages could be realized in the very short-term or in the alternative long-term, or a combination.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Share on Facebook
Share on Twitter
I'm busy working on my blog posts. Watch this space!