In one incident about a year ago, I notified a large multi-national insurance provider of a data breach incident. This multi-national insurance company specialized in providing insurance coverage for low-income families. I discovered the incident on the now-defunct black market Evolution: a bad actor was trafficking insurance records that had Personal Identification Information and also payment information. Moreover, the records had the PII of minor children of those families. The bad actor boasted every time he sold records to pedophiles and fraudsters. After several attempts via phone calls and emails to this insurance company and their counsel, in DC and at their headquarters, to address the matter, they ceased to respond to me.
They did, however, contact a law enforcement agency to file a complaint against me. Long story short, three months later the incident went public, then one month later their CEO, in a quarterly telephone report, shared that their company had fallen victim to a data breach incident by an insider. This was the information I was trying to share with them, but they chose the deny game rather than responsibility, and by doing so the bad actor has gone unpunished. The bad actor/insider was a former employee who frequently returned to one of the insurance agents’ offices to visit with friends. The policy of this insurance agency was only to use one shared login and password agency-wide for employees. Notably, the bad actor shared that the login and password had not been changed since his departure from the company several years prior, and that the manager kept it written on a note taped to her desk.
The handling of data breach incidents costs us all, a result that is oftentimes directly related to the and Boardroom decisions to either be transparent or play the deny game. Do these organizations that report to care about their customer victims really care? The answer is unequivocally, yes! However, much like everything else, there are a few bad apples out there. I will be the facts of the Protecting Patient Privacy And Data Security and the deny games this C-suite has chosen to play. I have reached out to them to offer free-of-charge assistance to help them protect their customer victims and brand.
I am compelled to start this blog in an effort to provide consumers, law enforcement, and governing bodies the real facts of a data breach incident and not the facts that organizations are paying their law firms to spin. I hope that this site will be a revelation to all and create a sea of change at the C-suite level and in boardrooms worldwide.
This inherently gives rise to wondering who is truly profiting from a data breach incident, and what is being done to institute a new set of Best Practices Policy. Is technology to blame? Is it government oversight? Is it Law Enforcement? The answer is simple: Negligent organizations are to blame for the victimization that is costing us all. We have the best-of-the-best in law enforcement, and I think of those who have proudly and with honor served our country on this Day. They certainly need to be commended and thanked for producing the results they do, given the limited amount of information those breached organizations share during the investigation.