How Are You Affected By The Recent Massive Data Breach?


As you have probably seen, it was announced on Tuesday, August 5th, that usernames and passwords from 1.2 billion Internet accounts from over 420,000 websites were stolen by a criminal organization in Russia. According to additional information we've received and other press reports, a Russian cyber gang known as CyberVor acquired databases of stolen information that were used to engage in phishing attacks. They then moved on to using botnets that exploited websites with SQL injection vulnerabilities.

While the names of the compromised websites have not been released, we recommend that you assess whether your organization may have been affected and, if so, what action needs to be taken. FIRST, talk to your IT department about whether there has been any unusual activity on your network. SECOND, find out from your customer service department whether any complaints or concerns have been raised by customers. THIRD, for companies that have not performed a security audit recently, this might be the time to do so. FINALLY, if you find that you are the victim of a security breach, our Privacy & Data Protection practice group (PDP) can help you.

From a customer-facing perspective, we further recommend that you provide advice to your customers that may help them with not only your particular site but also with other sites they may visit. In particular, customers need to be made aware that they should be vigilant and monitor activity of any websites to which they have registered. If they identify suspicious activity, they should change the password of that site and contact the appropriate support personnel.

We recommend that your customers consider the following when creating passwords so as to minimize their exposure to hackers:

  • Do not use the same password. When hackers get username and password information for one site, they begin to try them on other sites. If you use the same password for e-mail as you do your bank, a compromise of your e-mail provider easily puts your finances at risk if the passwords are the same.
  • Use complex passwords. Create passwords that are greater than 8 characters and have a number, letter, and special character. A common method is to use a sentence that is easy to remember like "I love C00ley!"
  • Get a password safe. There are many password safes for your smartphone or home computers so you can easily store all your passwords.
  • If available – use two-factor authentication. If a site offers additional security features like secondary or two-factor authentication, enable them. Then, when you enter your password, you'll receive a message (usually a text) with a one-time code that you must enter before you can log in. Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you're logging in from a new computer.

Cooley PDP attorneys have substantial experience leading incident response efforts and advising companies (including those in the online, retail, financial services, technology, and life sciences fields) that have experienced data breaches or other data security incidents. For incidents that trigger regulatory investigations or class action litigation, we put together the right team with the appropriate experience to handle all aspects of the client's problem, and we take a collaborative approach to developing solutions in the most strategically sound, practical, and cost-effective manner.

If you do happen to be affected by this latest massive attack, please give us a call. If you have not been a victim, you may nonetheless want to consider a cybersecurity liability "tune up."

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.