Opinion

FUD Watch: Sometimes, Data Breach Hype Is Justified

Each new data breach shows just how off the mark organizations can be when it comes to security. Public hangings may be necessary, but the facts had better be solid

By Bill Brenner, Senior Editor

Glasgow's Sunday Herald reported Sunday that hackers accessed the data of every single customer who had stayed at one of Best Western's 1,312 European hotels this year and in 2007. The article had "exclusive" stamped high up on the page, and was quickly slammed by Best Western as "grossly unsubstantiated."

In subsequent days, reports have flowed in - largely from Best Western itself - that the report was indeed a huge exaggeration. While the hotel chain did suffer a breach, it appears that only 10 guests were affected.

Which number is closer to the truth? Time will tell.

In the final analysis, I'm for keeping the media pressure on companies that ignore security at the peril of millions of people. Given the damage that can be done when someone's personal information falls into sinister hands, a little FUD might be necessary.

But when that's the case, the FUD had better be based on undeniably solid evidence.

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to bbrenner@cxo.com.

Other stories by Bill Brenner

• Email
• Print
• Comments
• Digg This
• SlashDot

• The Complete Guide to Security Breach Disclosure
• CSO Disclosure Series | Data Breach Notification Laws, State By State
• Data Breach Fallout: Do CISOs Need Legal Protection?