Byte-size Bulletins

Security communications are crucial conversations

Written by Simon Heath | Apr 23, 2021
 

This April saw reports of a data breach at Facebook that happened in 2019. Half a billion accounts were stolen, including telephone numbers and birth dates. These are now freely available to hackers.

 

Facebook responded that it hadn’t informed users as it was “old data”. However, birth dates don’t change and are used as security check questions. Mobile numbers are also often used to authenticate accounts, and people rarely change numbers. The data may be "old" but it is still valid. Many commentators were infuriated by Facebook’s lack of transparency and communication. The Irish Data Protection Commission announced its plans to investigate.

 

Subsequently, an internal Facebook email was accidentally sent to a journalist and has led to further criticism of them failing to meet their obligations around breach reporting and have their customers’ best interests at heart. It’s not necessarily the breach that is the problem, but how they dealt with it.

 

Commentators think Facebook are big enough in terms of market reach, money and resources to ride out the storm and regulatory fines. Most leaders of small and medium businesses could not afford to communicate poorly about data security. Should your clients be affected by a breach of your systems or processes, you’ll want to be well informed for that crucial conversation. Being involved in decisions and receiving regular security updates is the best way to be prepared.