Beware.. If you download ADATA data breach information, you may be committing a crime

A data breach of mega proportions involving 700 GB of corporate data has been reported in respect of a Computer storage Chip maker ADATA, a Taiwanese company.  The company was subject to a ransomware attack and probably because the company refused to pay the ransom, the hackers have released the data in the darkweb. It is claimed that the hacker has stolen 1.5 TB of data which could be business sensitive information. A small part of the information could be personal information.

(See details here)

We reiterate that the society should do everything to discourage such criminal activities including dis engaging the monetary activities of the Dark Web by a global ban on Crypto Currencies like Bitcoin.

Additionally we must recognize that when authorities impose fines for data breach, they should consider that if an organization is a victim of an attack by criminals, the penalties should be moderated unless there has been a gross negligence in implementing basic security. We need to encourage companies to stand up to the black mail of these criminals and not put additional pressures on the companies by imposing a debilitating fines. Ideally in such cases the penalties may cover the compensation of the losses suffered by the individuals in terms of privacy and cost of security insurance that they may have to take up on account of data leak if any and the administrative penalty for failure of security should be kept minimal.

For example in the ADATA case the company by taking an ethical stand not to pay ransom has already suffered substantial damage to its finances  and there is no point in beating it down further by administrative fines.

A third factor we would like to highlight is that any competitor who takes advantage of this data theft by downloading the data from the dark web must be punished as being involved in “Enrichment through a Crime”.

By the measures of banning the Crypto Currency and punishing those who would like to use stolen data for their business advantage, the society would grossly reduce the adverse impact of a data leak of this nature.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.