While such a discovery as this one should come as no real surprise to those familiar with the vagaries of cyber attacks, it serves to illustrate my (and others’) contention that we get to learn about only a very small percentage of the total of number of data breaches.
There are, of course, a several reasons for this. One, which the above news report well illustrates, is that a large number of organizations, which have been subjected to successful cyber attacks, never find out about them other than by chance. This is particularly true of insider hacks, where the perpetrator often has proprietary knowledge of internal systems and is well able to operate “under the radar.” The very circumstances under which such discoveries are made lead one to believe, by inference, that we are only seeing the tip of the iceberg, with likely 90 percent or more hidden from view. There are also many situations in which organizations choose to keep information of successful attacks out of the news media for fear of damage to their reputations and the consequent loss of business. Even when a company, government agency or other institution is bound by the law to disclose data breaches involving personal information, and they follow the required notification protocols, information of such events may never be captured by the news media and will not make the tallies of breaches that are posted for all to see.
Popularity: unranked
