Sister CISA CISSP

Nov 13 2009   9:49PM GMT

You Can’t Outsource Reputation

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

Reviewing yet another data breach in the news, I was struck by the phraseology of the news report. Specifically, the article on MassMutual brought a point to mind that I keep using with companies and organizations I work with: You can transfer risk, but you are still responsible for your data in the public eye.

Reading the article, I was struck by the fact that nowhere in the article was the name of the third-party vendor mentioned. MassMutual is taking it on the chin (and quite defensively, I might add) because, ultimately it is their data. They picked out the third-party vendor – I wonder how good their contract with the vendor is.

And the parties affected by this breach? Their employees, and their families.

The company announcement: “The vendor engaged a highly respected forensics team to investigate, and at this time we believe that no misuse of the information or fraudulent activity involving the data has occurred,” is disingenuous at best. We looked, but found nothing right now – so everything is OK!

Here’s the reality, however:

According to a recent report published by Javelin Research, (for which you must pay $1250.00, so you won’t be seeing me offer THAT as a download) individuals whose personal information has been compromised in a corporate breach are four times more likely to suffer identity theft or fraud.

This result runs contrary to MassMutual’s defensive statement, and is very commonly used from breached companies, who often state that they have no indication that the compromised data has been used by criminals.

No vendor name, no information on how or when it happened, but trust us, your data is fine!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: