10/10/2017

The Hardest Part of a Security Breach? Disclosure

The disclosure problem has long been a issue with corporate data breaches

Equifax’s disclosure last month that it had been hit by a massive security breach raised a lot of questions in the IT space about proper disclosure decorum.

Short version: Equifax knew about the breach for more than a month before it told the public on September 7, which potentially hurt the millions of people whose sensitive information was managed by the credit-reporting agency.

At a hearing before the House Energy and Commerce Committee last week, former Equifax CEO Richard Smith revealed that he didn’t personally know the full scope of the breach until August 17, nearly three weeks after the company was first made aware of the existence of a problem. It took another week for the company’s full board to be made aware, and roughly two weeks after that for the public to know.

Please click here to read the complete article from Associations Now.