The Briar Group is defending a six-week delay in notifying the public that its restaurant customers' credit card data were stolen last fall, saying it took that long to confirm hackers had breached its system.
But security experts say it shouldn't take that long to establish a breach has occurred, noting that the Briar Group had hired the well-regarded firm McGladrey LLP to investigate the matter.
"It doesn't take a month to identify a breach," said Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research in Pleasanton, Calif.
Meanwhile, two weeks after confirming the breach, the Briar Group still doesn't know how many customer accounts were accessed, how they were accessed, or the exact timeframe in which the breach occurred.
"Our investigation into the nature and scope of the breach is ongoing," spokeswoman Diana Pisciotta said.
After receiving initial calls from customers about unauthorized credit card transactions on Nov. 15, the Briar Group said it immediately asked McGladrey to investigate. The company notified Attorney General Martha Coakley of the investigation on Nov. 21. The Briar Group, which owns 10 restaurants including Ned Devine's, Harp, Anthem and M.J. O'Connor's, only publicly announced on Dec. 27 that its payment system was compromised, and stated it believed the breach ran from "sometime in October" to early November.
"Investigations into potential security breaches can take a significant amount of time," Pisciotta said. "We notified customers once we were aware that an actual breach had occurred and had enough information to provide reasonable notice, which wasn't until late December."
It was the second security intrusion for the company, which in 2011 paid $110,000 to settle a lawsuit filed by Coakley for its failure to secure customers' information in a 2009 breach.
Coakley spokesman Christopher Loh said in the current case, "Our investigation ... is focused on determining if any violations of state law and the prior consent judgment occurred, as well as the extent of the breach."
A good security team should have identified the breach quickly, but it's not uncommon for probes to take a month or longer, said Chris Morales, research director at NSS Labs, an information security research and advisory firm.
"It's not reasonable or practical, but it's really how long sometimes it takes," he said. "I've been to very large enterprises with very large security teams that are good that also have had similar issues. The whole industry still needs to change the way it does certain things."