How to Decode What a Data Breach Notice Means to Its Victims

Almost all breach notifications look very similar. That said, we still need to decode them to see what they really mean for the targets of the data breach.

What Do Data Breach Notifications Look Like and What Do They Mean?

Data breach notifications are designed to inform you that something has happened to you, when it happened, and what impact it may have on you and your business. Most American states have laws in place that force businesses to publicly disclose security breaches as quickly as possible. The EU's laws are far stricter, and fines are common in cases when these security incidents are not publicly disclosed.

However, data breach notifications have become increasingly common in crisis communications. Instead of helping resolve the issues, these notifications are used to deflect blame and hide important details and facts about the circumstances surrounding the security incidents. Corporations are more interested in keeping stock markets happy and their investors satisfied than in disclosing the truth to the public.

So the next time you see a data breach notification, read between the lines. When you see a common placeholder line like "We take your security and privacy seriously," you should know that it really means "We had to say this to make you feel safe." This is one of the most common lines spotted in virtually all data breach notifications. Unfortunately, most big companies do not really care about the privacy or security of client data, aside from potential lawsuits or fines.

Another common thing you might spot in a data breach notification is some variation of "We recently discovered a security incident/breach." It sounds straightforward, but who was the one who "recently discovered" the security incident? Was it one of their people, or was it an outsider forcing them to disclose it? Often it's a white hat hacker who discovers these things, and the company is forced to report it first or risk looking incompetent and ignorant of a data breach on its own servers.

Also, when there is some kind of security incident, companies will call the attacker an "unauthorized individual" in order to shift blame from their own bad security habits. "Unauthorized access" means someone illegally broke into their network, but how? The most common way is by using someone's login credentials (username and password), usually those of an employee or someone else associated with the company.

Unfortunately, attackers aren't always caught during the breach itself. In a lot of cases, most bad guys have vanished by the time a company learns about the security incident. That's when they say they're "taking immediate steps" or some variation of that line. When a company says that, don't think they've been acting since the moment of the breach. No, they've been acting since the moment they were informed of it.

That's when they call on their "cyber forensic investigators," which means another company specializing in this sort of thing, not people from their own staff. These people will try to help them figure out how the incident happened. This works in the company's favor because they can collect on any cyber-insurance they have and hopefully prevent something like this from happening again.

Unfortunately, the term "forensics" can be used a bit too loosely by these companies. Sometimes they use their own internal investigators, which is a problem because there is a blatant lack of accountability. Oftentimes they may attempt to hide anything that exposes poor security practices from people within the company. This is one of the many reasons independent security experts should be consulted in the event of a data breach or some other security incident.

May 26, 2020