If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.
In November of 2016, Uber was made aware that it had been breached, with personal information from 57 million users and 600,000 United States-based drivers stolen by hackers. Uber quickly tried to hide the data breach, paying the hackers $100,000 in exchange for deleting the stolen data and keeping silent.
However, when Dara Khosrowshahi stepped in as CEO and learned about the breach, he quickly decided that the company had to come clean. As a result, Uber has now reached a settlement with the attorneys general of all 50 states and the District of Columbia. Under this settlement, Uber has to pay $148 million, as well as hire a third-party representative to routinely go over its data security measures and suggest improvements that Uber will have to adopt. Furthermore, Uber will also have to implement a “corporate integrity program.” This program will allow (or, more accurately, require) any ethical issues that employees raise to be addressed fully.
Uber is far from the only company that has kept a data breach under wraps for as long as it could. Google is finally pulling the plug on Google+, the search giant’s failed attempt at social media, as the result of a security breach that potentially exposed 500,000 users… three years ago.
We would also be remiss if we didn’t mention Equifax, which not only had the data of over 146 million Americans exposed on its watch, but also waited over a month to report it. Not only that, but some employees have even been charged with insider trading after offloading all of their Equifax stock between learning of the breach and it being officially announced.
So, what does this have to do with you and your business?
Consider, for a moment, the data that your business has collected. Chances are, there is quite a bit of overlap between the data you have stored on your clients and customers and the data that Uber or even Equifax holds. Uber, Equifax, and certainly Google can all absorb this kind of event – perhaps not without some consequences, but these companies are big enough that they will be able to bounce back from them. Could you say with 100 percent certainty that the same could be said of your business?
In short, if you do suffer a data breach, you need to be open about it and come clean. Chances are, your clients will still be upset with you, but there’s a big difference between “my data was breached” and “my data was breached and you didn’t tell me.”
However, if you do everything possible to make sure that your data isn’t breached in the first place, you may not have to worry about disclosing one to your patrons. Machado Consulting can help with our cybersecurity solutions and best practice training. For more information, reach out at (508) 453-4700.