Security News > 2022 > December > How companies time data leak disclosures
Every year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies.
In the EU, any data leak that may result in risks for the concerned individuals must be reported within 72 hours.
The researchers identified the time of disclosure of more than 8,000 data leaks of publicly traded US companies between 2008 and 2018, using information obtained from the non-profit organization Identity Theft Resource Center.
There was a particularly strong correlation between the general news situation and the disclosure date in case of serious data breaches caused by internal negligence or errors and in case of leaks of health information or personal identity data.
"On heavy news days, both newsrooms and analysts have to prioritize the information they pick up. Our results suggest that companies strategically schedule the disclosure of data leaks and deliberately target times when the announcement will receive less attention," says Foerderer.
"Companies that bury their data handling mistakes under other news thus avoid public pressure for them and other companies to take stronger measures against data breaches," says Sebastian Schuetz.
News URL
https://www.helpnetsecurity.com/2022/12/05/data-leak-disclosure/
Related news
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)
- UK data watchdog wants six figures from N Ireland cops after 2023 data leak (source)