Small Data Breach, Large Data Breach; Cyber Insurance Anyone?
In the past week, more data breaches were reported in both local and national news.
Last week, The Briar Group, which is a Boston area restaurant chain, was fined $110,000 by the state attorney general for failure to protect customer credit and debit card information. The restaurant chain was alleged to have experience a data breach on their computer system in 2009 that compromised customer card information, and that the glitch took eight months to fix.
Contrasting the relatively small Briar Group breach is the Epsilon breach, in which email addresses estimated in multiple of millions were compromised. Epsilon public commentary is not surprisingly sparse at this point. The only message to the general public is that the breach was limited to email addresses only, and that no social security numbers or credit card information was compromised. Of course, that remains to be seen, but industry security experts are nonetheless calling the breach as "massive", and according to Computer World's blog, as the "hack of the century". This one is going to take a while to flush out, but as an observer, it certainly seems to be ominous to say the least.
Stepping on to my trusty soap box, I tell you once again that data breaches are real, they are local or national, and they are going to continue. Get to know your data security measures, because you are legally married to them.
Who knows what the logistics are behind the Briar Group breach, but regardless, they were breached. Smaller businesses supposedly work with 3rd party vendors that take care of their data security. Hmmm. Conversely, large companies are supposed to have the means to handle their own data security. Hmmm.
It's becoming somewhat obvious that companies of any size are vulnerable, regardless of how magnificent their security solution is. Cyber Insurance anyone?