Usenext and Usenet.NL Disclose Data Breaches but Cannot Decide Who's to Blame

On April 29, 2020, two major Usenet service providers almost simultaneously disclosed security breaches to their systems. Interestingly enough, the messages that UseNeXT and put out were nearly identical, and nearly identically vague, announcing to the world that the data of their customers has been pilfered while placing the blame on "a security vulnerability at a partner company."

While that's not much in the way of an explanation as to what happened, that's all UseNeXT, and users got after it turned out that the security of crucial data, such as their names, billing addresses, payment details (IBAN and account number), and other relevant registration information had been breached.

While the companies did issue warnings and advice to its clients that may have been affected by the data breach, the fact remains that people's financial information was stolen by an undisclosed attacker, which puts said clients in a precarious position. This information could be used to defraud the users and their contacts and associates, as well as for other more nefarious purposes. The gravity of the situation can't really be understated – yet the reaction given by both companies seems to amount to a shrug of the shoulders, and a mumbled "wasn't our fault."

This is a problem observed by private persons, corporations, government entities, and super-national organizations alike. The legislation is yet to catch up with the times as far as data breaches are concerned. While there have been concerted efforts on the part of some lawmakers to throw light on the data breach aspect of data protection, that's an instance where regulation is sparse at the best of times and usually – virtually nonexistent.

What's interesting about the subject is that it's not a new or particularly unknown issue – data breaches have been a problem for well over a decade. Serious talks on how to deal with them have been happening for well over five years, as demonstrated by such events as the U.S. Senate Hearing 114-78 of 2015, and the 2018 letter of U.S. Senator Catherine Cortez Masto (D-Nev.) and Senator Amy Klobuchar (D-Minn.) to Google's CEO expressing concerns about Google's handling of the Google+ data breach, to name but a few striking examples.

In the E.U., the implementation of GDPR has ensured that measures are taken to quickly report data breaches to national supervisory authorities, with violators of the GDPR facing fined up to €20 million, or up to 4% of the annual worldwide turnover, whichever is greater. This seems like a step in the right direction and a way to ensure that companies don't hide crucial information from their customers, which is presumably why similar rules were implemented in Chile, Japan, Brazil, South Korea, Argentina and Kenya. Be that as it may, it doesn't address the main issue that is plain to see – data breaches happen with alarming frequency nowadays, and seem to have become the norm of late. News of information leaks, hacks emerges every day, and its importance seems severely undervalued, in spite of the severe impact such events can have on a large number of people.

Measures Companies Can Take to Prevent Data Breaches

Companies can take security measures to prevent and mitigate the effects of data breaches. Reporting said breaches on time, as per the GDPR, is certainly necessary, but not sufficient. The importance of investing in cyber-security can't be overstated here, especially if you're a high-value target for cyber-criminals. This is why hospitals and small local government agencies are so often on the receiving end of malicious attacks, hacks, and leaks – they tend not to consider I.T. security a top priority. This stance should definitely be reconsidered, especially in light of current trends.

Measures Users Can Take To Prevent Their Data Bing Leaked

In many ways, it is also the user's personal responsibility to keep their data safe. How? Well, don't give it over to companies that you don't completely trust. While high-value targets such as Google, Decathlon, and Equifax can end up breached, it's still a good practice to not disclose important personal information unless you absolutely have to and to do a bit of research on a company before you give your data to it.

What Users Can Do in Case Of A Data Breach

If the privacy of your data has been breached, you should immediately take measures to ensure that said data can't be used to harm you, financially or in any other way. A good way to think about the event is to treat it like someone stole your handbag, with all your documents and credit cards and keys in tow. You need to immediately make sure that any bank accounts can't be reached with the pilfered information, and that the cyber criminals can't get access to other aspects of your life due to their access to your information. Immediately changing all your passwords and taking the time to examine the activities on the affected account is an absolute must.

May 6, 2020

Leave a Reply