The computer maker reported yesterday, meaning 20 days later (no wonder GDPR mandates less than 72 hours for notification), that it detected and disrupted unauthorized activity on Dell.com on Nov. 9. Dell automatically reset the passwords WITHOUT INFORMING THE POTENTIAL VICTIMS.
This might sound good, but we know people reuse the same login information across several sites, so the breach notification should have gone out immediately.
“This incomprehensible action of mass password reset may damage Dell’s reputation of a vendor who cares about information security and privacy. Preventive password reset can certainly be helpful; however, it should be properly accompanied with assuring explanations and transparent next steps,”
https://www.scmagazine.com/home/security-news/dells-belated-data-breach-notification-angers-cybersecurity-industry-exec/