Over the past ten days I have received notification that my data "may have been compromised" from a small medical practice, a university alumnae association, and this morning a major 401c organization. What is stunning is the range of responses.
- The medical practice offered free identity protection and insurance for a year. A more than expected response in my opinion, and it will pick up when the free identity protection I received when my bank had a data breach ends. 👍
- The alumnae association offered their apologies and a lot of hand waving. 👋 At least they told me about the data breach 🤔
- The 401c sent a link to the notice they had received from their vendor where the data breach had occurred and promised their attorneys are investigating further. It is the vendors' action that blows my mind and not in a good way.🤯
Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.
Given this was a criminal action...
- who on God's Green Earth would anyone believe all copies the data had been deleted?
- How could that possibly be confirmed?
- What fantasy world are these people living in?
No wonder the 401c is sending investigators and this particular organization has the investigators to do it!
All this reminds me of the old saw, "Just because I'm parnaoid doesn't mean they aren't after me."