Zack Whittaker, TechCrunch:
Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed.
But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?
The next time you get a data breach notification, read between the lines. By knowing the common bullshit lines to avoid, you can understand the questions you need to ask.
A good guide to the language used in these announcements. Data breach notifications are, after all, just a form of press release, and should be viewed through the same skeptical lens.