Companies Can’t Figure Out What Hackers Stole – Why?
This is just one example. Fallout from the hack of Australian health insurer Medibank continues to get worse as the company has “widened” the group of people affected by the breach. Again!
Remember, this is not a mom-and-pop corner sandwich shop. This is the largest private health insurer in Australia.
Last week they admitted that some patients who used a South Australian home hospital service were affected.
Even worse, they don’t know if hackers downloaded the data.
This is just one example; we see these every week.
Often times months later companies are still trying to figure out what data hackers accessed and what data they stole. Note these are different problems.
But as state privacy laws get stricter, these excuses won’t hold. Expect attorneys General to file lawsuits against companies that can’t tell the public what was taken in a reasonable timeframe.
In states where consumers can file their own lawsuits, expect consumer lawsuits.
They also don’t even know what data was accessed. Was it just your name? Or maybe also your bank or credit card information?
All of this means that companies need to up their game when it comes to their system logging and alerting practices, even if it is not mandatory by law.
It is what customers expect.
If you need help with this, please contact us.