Yahoo breach data reveals the need for ethical breach reporting

Responsible breach disclosure

John Bambenek, threat systems manager at Fidelis Cybersecurity, said he could understand the concern of InfoArmor considering the company “appears to sell services involving proactively looking for breaches and threats to members of an organization.”

“It’s a new area so ethical norms are still developing. Having a conversation with a company about data your service intercepted where such information flow would be part of a commercial offering can get weird. When I have come across stolen data, my personal first approach is to bring it to law enforcement and a trusted contact at the victim organization if I have one. Involving law enforcement upfront helps mitigate some of the ethical issues that can occur,” Bambenek told SearchSecurity via email. “That being said, if InfoArmor made no attempt to contact Yahoo or law enforcement for two months (assuming the facts of the reporting are correct), I find

Read more at: