Beware of the "Unauthorized Third Party"
The Web Is Wide: Learn How to Respond to Hacks
Uber Technologies Inc., the car-booking juggernaut, recently admitted that its internal database was hacked by an “unauthorized third party” last year. According to Insurance Journal, the personal information of 50,000 drivers for the company could’ve been compromised. This particular hack occurred last May, but its public announcement comes on the heels of recent hacks at Sony Pictures and Community Health Systems. As cyber breaches continue to make headlines, especially in the tech industry, it’s time to look deeper at what a data breach is and how to respond to one.
Defining a Data Breach
A data breach is an incident where Personal Identifying Information (PII) is accessed and/or stolen by an unauthorized individual. Examples of PII include:
- Social Security numbers
- Credit card information
- Tax identification information numbers and biometric records
- Payroll information
- Medical information for any employee or customer
- Other personal information of a customer, employee or contractor
Your Notification Responsibilities
Responsibility to notify is based both on the number of individuals affected and the nature of the PII that was accessed. Any information found in the initial risk assessment should be turned over to the legal counsel of your company who'll determine what notification may be required. Notification should be made in a timely manner, but make sure the facts of the breach are well established before proceeding.
Helping You Recover from a Data Breach
At Assurance, we understand the negative effects a data breach can have at your company. Catch our webinar Replay, to learn more about data breaches and database safety.
- FYI: Cyber Claims Excluded from General Liability Coverage
- Private Companies Must Wake Up on Cyber Liability Insurance
- Cyber Attacks: A Growing Business Interruption Threat
- Cyber Liability E-Book
ABOUT THE AUTHOR