Think back to the last time you glanced at a technology news source – how many of the articles were about data breaches? We’re willing to bet there were more than a couple – data breaches hitting the news are a very serious problem in and of themselves, and in this blog, we’re walking you through this issue.
Data breaches are a pretty big issue in and of themselves. Most of the time they’re a direct result of our applications not being properly secured – at other times, they’re a result of a successfully mounted social engineering attack. However, one point still stands – data breaches can do a lot more harm than we could possibly imagine: problems can range from identity theft to massive fraud schemes if the attacker gets their hands on a lot of data and uses it to attack other systems through credential stuffing. One issue that is often overlooked, though, is the possibility of the data breach hitting the press.
The Media and Data Breaches
The media becoming aware of a data breach in a big and trustworthy company will surely be a big hit to the reputation of the company – from lost clients to problems with data protection authorities, the company will surely have a lot of things to examine and re-do. Part of the issue is that in many scenarios, the media is more interested in the clicks that a story brings: for that, they can come up with clickbaity headlines that make more people want to click on them, and as a result, people run with the story and tell it to others, creating a snowball effect.
A snowball effect in the media would likely be more severe than we could think – the story would be quickly picked up by other news sources, individual security researchers, and journalists, and would quickly spread. Ever heard of the “broken phone” game, where people hearing the same news from other sources twist it, and by the time the last person hears the news and tries to recite it, it isn’t even close to what it was in the first place? Such an event is very possible.
To avoid such a downside, there are two things your company can do:
- If the data breach was discovered by one of the members of your security team, keep it within the company until you investigate, plug the holes, and alert your customers.
- If the data breach was discovered from the outside (e.g. your company became aware of it by reading the news), consider contacting journalists to immediately explain the situation and tell them that your team is working on the matter.
If you decide to follow the first option, keep the following things in mind:
- If your application has any customers, you should inform them to change their passwords only after closely investigating the data breach. Many attackers leave backdoors – pieces of code that let them “return” to the application at a later time and perform malicious acts on it. If we change user passwords without removing those, we’re still keeping the doors to our application wide open, which is why it’s so important to perform a thorough code analysis before resetting any passwords. The password reset should always be the last measure taken.
- The investigation of the data breach should only be performed by professionals – we advise you to refrain from investigative action yourself because it can only make the situation worse: by leaving this task to professionals, you will ensure that the damage is contained, assessed, and addressed properly.
- Don’t waste time – the sooner your team jumps on the data breach, the sooner the damage will be contained, assessed, and addressed.
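One way to enforce the ordering described above (investigate and remove backdoors first, reset passwords last), shown as an added example that is not BreachDirectory's code: compare the deployed application files against a manifest of SHA-256 hashes taken from a known-good release, and allow the reset only when nothing differs. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (run on a trusted build)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_against_manifest(root, manifest):
    """Return files added, modified or removed relative to the trusted manifest."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(manifest)),
        "modified": sorted(f for f in current
                           if f in manifest and current[f] != manifest[f]),
        "removed": sorted(set(manifest) - set(current)),
    }


def password_reset_allowed(root, manifest):
    """Gate: allow the reset only when deployed code matches the trusted build."""
    findings = diff_against_manifest(root, manifest)
    return not any(findings.values()), findings


def demo():
    # Constructed sample: a tiny "application" tree in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        (app / "login.php").write_text("<?php check_password(); ?>")
        (app / "index.php").write_text("<?php render_home(); ?>")
        manifest = build_manifest(app)  # taken from the known-good release
        # Simulated post-breach state: one file altered, one unknown file present.
        (app / "login.php").write_text("<?php check_password(); /* altered */ ?>")
        (app / "cache.php").write_text("<?php /* unreviewed file */ ?>")
        blocked = password_reset_allowed(app, manifest)
        # State after restoring the tree from the trusted release.
        (app / "login.php").write_text("<?php check_password(); ?>")
        (app / "cache.php").unlink()
        cleared = password_reset_allowed(app, manifest)
        return blocked, cleared


if __name__ == "__main__":
    print(demo())
```

A file-integrity diff only covers code on disk; backdoors placed in database records, scheduled jobs or extra accounts need their own review before the reset.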
If you decide to follow the second option, however, follow these steps:
- Consider and evaluate what kind of media outlet reported the possible data breach to you – is it a reputable source? Or is it known as a medium that spreads fakes all over the place? Once you have evaluated the source, decide how to answer. If it’s a reputable source, working with them might be viable because the news outlet will probably write that you’ve handled the data breach responsibly – if it’s not, you might want to ignore the email, but forward it to your internal security team for investigation.
- If the news already broke, you might want to work with the media outlet: in some cases, one may work with the media outlet for them to update the story that has been written and for the story to say something along the lines of “the security flaws have been reliably fixed and the company X has ensured that all its customers are safe.”
- If the news didn’t break, you have the chance to talk with the media to thank them and ask them not to spread the news in order not to harm the reputation of the company: data breaches are serious business and when disclosed, the fact alone can harm the business severely. Customers will start complaining, regulators may start enquiring about a possible costly investigation, etc. Forward the news to your internal security team to investigate, hire forensic security experts to contain the flaw and evaluate the impact of the data breach, then inform your customers if a password reset is necessary. If not, write an article outlining that a data breach has occurred and that its damage has been contained (only do that after all of the phases of the investigation have been completed).
After these steps have been completed, conduct a final overview of the security posture of the company – even if the news was fake, a security review has never harmed anybody. Perhaps you will find and plug a flaw or two to prevent a data breach in the future!
Preventing Data Breaches
A data breach of your company hitting the press is not the thing you want to see – we do understand that, so to prevent data breaches in the future, BreachDirectory can offer you two options:
- The BreachDirectory data breach search engine that allows for free searches for email addresses, usernames, domains, or IP addresses – in seconds, the data breach search engine will tell you whether your account is at risk of identity theft or not.
- The BreachDirectory API – the BreachDirectory API allows individuals and companies to search for email addresses, usernames, domains or IP addresses to determine their likelihood of being exposed in data breaches.
Making use of both of those options will put your company on the security highway – riding it is another deal altogether though, so be sure to keep an eye on the BreachDirectory blog to follow all of the newest developments in the tech space (the blog is available here), and until next time.