The Security Detail

Apr 30 2011   8:23PM GMT

Standard Data Breach Response Plays Into Attacker’s Hand

Tony Bradley

Whenever a data breach occurs, the compromised company responsible for losing your data eventually reaches out to inform you that your sensitive personal information may have been exposed in some way. The message typically comes with assurances that the company values your privacy more than life itself, and cautions you to watch out for any phishing scams attackers might launch trying to appear as if they came from the company. And, that message usually comes…by email.

That standard response plays into the attacker’s hand to some degree. The user becomes used to the idea that they might receive email communications from the company related to the data breach. That opens the door for an attacker to follow up with a convincing email that appears to be from the company directing users to provide account details or change their password…in response to the breach of course.

I realize that email is fast and easy, and is probably the best and most efficient way for companies to notify affected customers. It just seems like a bit of hypocrisy to send an email from the company that tells users to watch out for emails that appear to be from the company.
