After the Breach
How Companies Respond to Data Breaches and How to Prevent Becoming One of Them
Introduction
Current California law requires businesses that have experienced a data breach to send a breach notice to any California resident whose personal information has been or is believed to have been stolen. If more than 500 state residents have been informed of a breach, the company must also send a sample copy of the notice to the California Attorney General.
These breach notices include information about the incident, what the business has done to respond to it, and what persons affected can do to protect themselves. While these notices show how companies can respond to breaches after the fact, organizations need to be proactive about cybersecurity, identifying potential attacks and preventing them from happening.
By reading these breach notices, other companies can increase their awareness of the consequences and costs of failing to be proactive about risk. Responding to breaches once they have occurred can be expensive, as companies must often rework their security strategy and take on the cost of identity and fraud protection for affected customers and clients.
Read on to learn how to detect, respond to, and remediate data breaches.
CHAPTER 1
USA Waste-Management, LLC
On January 21, 2021, USA Waste-Management, LLC detected suspicious activity in its network environment. After starting an investigation, with the help of third-party forensic specialists, and contacting the FBI, the organization learned that hackers had accessed and stolen files containing sensitive information between January 21 and 23. While USA Waste-Management detected the breach quickly, it took many months of investigation to determine that personal information, such as names, Social Security Numbers, and driver’s license numbers, had been taken.
The Response
USA Waste-Management took a reactive approach, investigating the nature and scope of the incident, assessing company security policies, and taking steps to improve them after the breach occurred. As required by California law, the organization notified potential victims of the breach. Affected parties were informed that their personally identifiable information had been accessed by the hackers. Further investigation was needed to determine whose accessed information had also been stolen.
The clients and customers affected by the breach were offered a year of free credit monitoring and identity protection services at the organization’s expense. The victims were also advised to review information on how to defend their personal information against identity theft and fraud to prevent being victimized again.
CHAPTER 2
Farmers Insurance
Between January 20 and February 12, 2021, hackers used the Farmers Insurance auto quoting system to steal the personal information of users, including driver’s license numbers. Hackers had used the system to make fraudulent requests for quotes, making it difficult to determine which people had been affected by the breach. Farmers noted that people who had made valid quote requests during this period or had someone request a quote on their behalf may not have been affected.
The Response
Once the breach was detected, Farmers began to prevent access to personal information through the system and worked to identify victims of the attack. Farmers also continued to investigate how the breach occurred.
As required by law, Farmers sent out a formal notification of the breach to those potentially affected. Because of the nature of the breach, Farmers was unable to determine which requests for auto quotes were legitimate and which were fraudulent.
In response to the breach, Farmers retained a third-party ID protection company to help affected parties and took on the expense of providing access to free credit monitoring and fraud alert services for 12 months. Farmers also offered proactive assistance with any questions or problems related to the breach.
CHAPTER 3
University of California
In December 2020, the University of California was breached through a third-party file transfer appliance (FTA). The breach of the University was part of an international attack on higher education institutions, government agencies, and private companies.
Hackers exploited vulnerabilities in the third-party application to gain unauthorized access to personally identifiable information. Affected parties included students, faculty, staff, and retirees of the University. Some sensitive data was subsequently posted on the internet, further exposing the victims to identity theft and fraud.
The Response
In response to the breach and in keeping with California law, the University sent a notice to affected people in May 2021, informing them of the incident. The formal notice was a follow-up to an earlier notification the University had sent in April 2021. After the breach was detected, the University took the system offline and patched the vulnerable FTA application. To prevent future breaches, UC is working to find a more secure replacement for the appliance.
UC staged interactive workshops to educate the campus community about how its members can protect themselves and established a call center dedicated to answering questions about the breach. The University also arranged for free credit monitoring and identity theft protection services for the entire University at its own expense.
CHAPTER 4
How to Prevent a Breach
A data breach can happen to any type or size of organization. Breaches that occur through vulnerabilities in endpoints and third-party applications are only the tip of the iceberg. Hackers use many attack vectors to accomplish data breaches. Often, these breaches go undetected for months, delaying any type of response.
The companies profiled above responded appropriately after a breach but could have done more to prevent one from happening. The NIST 800 Framework recommends following a process of:
- Identify
- Protect
- Detect
- Respond
- Recover
Companies that identify and detect potential risks are better equipped to prevent data breaches from happening. When a company takes a preventative approach to risk, even if an attack is successful, the right measures can be taken to respond immediately.
- Security Awareness Training/User Awareness: Educate users to recognize suspicious activity and avoid threats.
- Web Content Filtration: Block access to harmful websites.
- Endpoint Detect & Response: Monitor endpoints in real time and respond to threats immediately.
- 24/7 Alerting & Monitoring: Monitor your systems around the clock and receive alerts about potential threats.
- Patching/Updates: Eliminate vulnerabilities in hardware and software that can be exploited.
- Email Filtering & Threat Protection: Block malware and phishing attempts.
Detect, Respond, Remediate
To prevent a breach, your company must have the right tools to detect a potential attack. Machine learning, predictive assets, and cloud-based models can help you achieve this foresight.
Clare Computer takes a detect, respond, and remediate approach to cybersecurity, identifying inbound attacks and responding to them immediately. We follow the NIST 800 Framework for detecting and identifying the stages of a cyberattack.
Our Managed IT Support offering will raise your security profile and connect you with the leading security vendors.