[Dataloss] More on the BofA card-cancellations
security curmudgeon
jericho at attrition.org
Fri Feb 10 17:08:40 EST 2006
On Fri, 10 Feb 2006, Adam Shostack wrote:
: The only explanation(s) I can think of for not disclosing are ongoing
: investigations, which is starting to get thin as details leak, and that
: the data was "encrypted."
Adam brings up an interesting point about this case and possibly others.
How many companies are holding off on notification of any kind, citing
"ongoing investigation"? If the FBI is involved and have exhausted leads,
the case stays open for 7 years (or more). This would be a convenient way
for a company to hide an incident from the public and possibly escape
legal obligation to do so.
More information about the Dataloss
mailing list