
Attorneys General Investigating LivingSocial Data Breach May Be a Good Reason to Buy Cyber Insurance

Special Risks Insurance

Updated on May 12, 2013

Cyber Insurance with Data Breach Response Services can be Utilized when Establishing an Incident Response Plan



And so it begins.... Attorneys General Investigating Recent LivingSocial.com Data Breach

AGs are becoming increasingly proactive in investigating data breach and privacy-related issues. The recent LivingSocial data breach should be sufficient proof that AGs have their antennas up.

LivingSocial, an online daily deal company, recently experienced a cyber attack that affected more than 50 million of its customers. According to LivingSocial, the information accessed included names, email addresses, dates of birth for some users, and encrypted passwords. Fortunately, LivingSocial uses hashes and salts to secure passwords. This means each password is run through a one-way hashing algorithm together with a salt (random characters mixed in), so a hacker would have to crack each hash individually to recover a password. LivingSocial reported that the database that stores customer credit card data was not accessed or affected by the attack.
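To make the hashing-and-salting point concrete, here is an added example (not LivingSocial's code and not part of the original post) comparing an unsalted hash with a salted one. The algorithm choice (PBKDF2-HMAC-SHA256), the iteration count, the salt length and the sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not LivingSocial's actual settings).
SALT_BYTES = 16
PBKDF2_ITERATIONS = 200_000


def unsalted_hash(password):
    """Weak scheme: identical passwords always produce identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted scheme: returns (salt, key); a fresh random salt per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def demo():
    # Constructed sample data: two users who chose the same password.
    pw = "Summer2013!"
    # A precomputed table maps known unsalted hashes back to passwords.
    precomputed = {unsalted_hash(p): p for p in ("password", "123456", pw)}
    salt_a, key_a = hash_password(pw)
    salt_b, key_b = hash_password(pw)
    return {
        "unsalted_found_in_table": unsalted_hash(pw) in precomputed,
        "salted_hashes_identical": key_a == key_b,
        "salted_found_in_table": key_a.hex() in precomputed,
        "correct_password_verifies": verify_password(pw, salt_a, key_a),
        "wrong_password_verifies": verify_password("summer2013!", salt_a, key_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash; it is not secret. Its job is to make every stored value unique, so one precomputed table cannot be reused across all 50 million accounts.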

The Attorneys General from Connecticut and Maryland recently wrote to LivingSocial to request more information on their recent breach and how it may impact consumers.

Below is a recap of the questions and the information that the Attorneys General have requested in their recent letter to LivingSocial:

- How was it determined that no financial or credit card data was compromised?

- What types or categories of information were compromised, and what is the total number of affected individuals in each type or category?

- Are user accounts directly tied to stored payment card information?

- Were any users' mailing addresses compromised? How did you reach that conclusion?

- How do you store your users' information? Do you encrypt and segregate user data?

- How do you store and protect users' passwords?

- How long is user information stored? Do you automatically delete user data after a certain period of time?

- How can users delete their information?

- What internal procedures were in place prior to the breach?

- Have you received any complaints from users regarding any unauthorized charges on their credit or debit cards or other financial accounts linked to their LivingSocial accounts?

- What are the findings of your security and/or forensics analyses concerning this incident?

- What steps have you taken to prevent another incident from happening?

LivingSocial seems to be quite proactive in its incident response efforts and appears to be doing a good job of informing AG offices and its customers of the breach. However, with more than 50 million customers affected, this breach could turn out to be very costly for LivingSocial in the end. Besides that, it must now answer all of the questions the AGs have posed and provide supporting documents, details, and privacy and security policies. This will surely be a lengthy and time-consuming process.

If an Attorney General came knocking on your door after a breach, would you be ready? Hopefully the questions above will be helpful to you when you are reviewing or creating your data breach/security incident response plan. Perhaps the AGs should have included one more question: "Do you have a cyber/data breach insurance policy in place to help respond to your security incident?" Having such a policy can help save the expensive man-hours that answering the questions above requires.


For information on Cyber Insurance or Cyber Security, CONTACT:

Christine Marciano
CYBER DATA RISK MANAGERS LLC
US toll free: 1 +855.CUT.RISK
www.DataPrivacyInsurance.com
Twitter: @DataPrivacyRisk

goodideazs, LLC is not affiliated with the authors of this post nor is it responsible for its content, the accuracy and authenticity of which should be independently verified.
