How NOT To Notify Your Victims About That Pesky Data Breach

3 Cardinal Rules to Follow When Avoiding Responsibility for Cybersecurity Incidents.

First and foremost, let it age for a month after discovery. It is important to appreciate that data breaches get better with age, so give it time before you get around to penning some well-turned phrases.

That was a bonus tip. It almost goes without saying that the sooner you let people know you dropped the ball on their data, the sooner they’ll panic. Be kind and let them have a few weeks to savour their false sense of privacy.

1. Keep ’em guessing. Never mention which product, company or website was hacked. Address victims only in vague, superficial terms and be sure to tell them you’re working diligently on their behalf, even though you just compromised their children’s personally identifiable information.

2. Avoid mentioning the impact of your stolen data in criminal hands. Just because your information can be used to open bank accounts and sign up for utilities and cell phone plans, there is no reason to alarm people after cybercriminals have taken possession of their data. You never know, they may decide to hand it right back out of the goodness of their hearts.

3. Placate your victims with false assurances. Push the illusion of security as far as it will go and whatever you do, avoid taking responsibility for the breach that was entirely due to your negligence. People love to be lulled into a peaceful delusion.

Finally, don’t let them rest on their laurels. It’s bad enough that you’ve been inconvenienced into having to affix your name to a letter. Put those victims to work and impose arbitrary constraints. It’s as easy as A, B, C:

a. Tell them not to call after 4:30 because identity theft be damned, you need your beauty sleep.

b. Let them fight with the credit bureaus, because after all it’s a great learning opportunity for them to discover that under Canadian law, they have negligible protection from unauthorized transactions.

c. Reiterate that you are committed to protecting their information, implying that it’s now time for them to do their part, especially since they now have their work cut out for them after you allowed hackers to help themselves to their data.

Wish them luck! They’ll need it!


Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, collected & edited by Claudiu Popa; author, educator, booknerd.
