Do we need tougher breach notification rules?
Hell, yes! Oh, you want more rationale and calm analysis? Read Nic Fearn’s reporting:
When Travelex was hit by a ransomware attack on New Year’s Eve, not just taking down its website, but the systems that enable it to do business, it was days before it even admitted it. Even then, it would only say that it had been hit by a virus.
And as speculation mounted, it took a week before it admitted that the virus was, in fact, ransomware – just as the speculation had suggested.
Furthermore, the company was adamant that no personal data had been compromised. Indeed, it was so confident that it didn’t even bother notifying the Information Commissioner’s Office (ICO) within the 72-hour deadline demanded under GDPR.
Read more on Computing.