Why Your Organization Needs A Security Breach Notification Plan

Facebook has stated that it will not notify the 533 million users who had their personal data accessed in a data breach occurring before August 2019.

Business Insider reported that the stolen data was recently made public in a database on an amateur hacking forum. The stolen user data includes phone numbers, full names, locations, some email addresses, and other profile information.

The data breach affected users in 106 countries.

Facebook stated in a blog post that hackers exploited a vulnerability in a feature that allowed users to find each other by phone number. The feature is no longer being used on the platform.

Facebook reported that it found and fixed the problem in August 2019 and that cybercriminals can no longer use the same method to steal data.

According to a spokesperson for Facebook, the organization decided not to notify users because it is not confident which users need to be notified and the stolen information did not include financial or health information or passwords. In addition, the information was publicly available and users could not fix the issue themselves.

However, according to security experts, the data leak still leaves Facebook users vulnerable. The founder of CyberScout said that phone numbers are a universal identifier and it creates danger for people when their phone number is public.

For example, two-factor authentication frequently relies on phone numbers to verify a person's identity. Emma Bowman, "After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users," npr.org (Apr. 09, 2021).

Commentary

Organizations must follow all applicable security breach notification laws if hackers access personal data, stored on the organization's network, that belongs to employees, customers, or other third parties.

All 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have security breach notification laws requiring private and governmental entities to notify individuals of security breaches involving personally identifiable information.

In general, security breach notification laws specify who must comply, what constitutes “personal information” and a “data breach,” how notifications must be made, and exemptions. NCSL, “Security Breach Notification Laws,” www.ncsl.org (Apr. 15, 2021).

Familiarize yourself now with the laws in any state in which you operate and create a security breach notification plan that adheres to all requirements. Preparing for a data breach ahead of time is essential for reacting in a timely manner and avoiding a violation of the law.

Moreover, certain industries, like healthcare, have additional compliance requirements regarding security breaches.

Visit the National Conference of State Legislatures’ website for the security breach notification laws in each state.
