When most people discuss the top data breach announcements of 2018, they tend to look solely at a breach by the numbers. How much data was stolen, how many people were affected?
But here at SecureWorld, we're equally fascinated by the way companies announce they've been breached. This is because Incident Response planning is always a hot topic among security leaders at our 17 regional
So let's look at some ideas for your breach announcement from those we covered in 2018.
2018 data breach announcements
- Breach announcement letter:
Marriott was the largest breach of 2018, with 500 million of its Starwood brand customers impacted, and its breach announcement was complete "corporate speak." Read Breach Announcement Comparison: Marriott vs. Quora. Quora is an online Q&A site that had 100 million accounts exposed—it went for a more authentic style.
- Facebook Live breach announcement:
A water utility got hit by ransomware. The announcement came during a Facebook Live video recorded at a fiery all-staff meeting: "Do you bow your head, weakly, and say we'll pay you and risk another attack? Or do you look 'em in the eye and say we're Americans, we're North Carolinians, and by golly, we'll survive this too. That's what we say. That's what we're telling the cybercriminals and the world." Read and watch: The Hurricane, the Tropical Storm, and then the Facebook Live Breach Announcement.
- Twitter livestream breach announcement:
An e-commerce CEO gets high marks from customers after an incredibly authentic sounding breach announcement. Read and watch: Livestreaming a Breach Announcement: An Ecommerce CEO Just Ddid It.
The we-are-hiring breach announcement:
We are sure creating a security talent pipeline will be a hot 2019 security conference topic. And we have to give Reddit major kudos for trying to create one during its own breach announcement. Read Reddit's Breach Announcement: We Have Openings in Cybersecurity.
- The breach announcement that wasn't:
Lastly, what if you need to tell customers something is wrong but you don't want to say "ransomware" or "breach" because it may make people panic? You could try what happened in The Cyber Attack That's Never Been Officially Announced.
We hope these examples give you some ideas for your Incident Response communication plan in 2019!
[RELATED: Marriott Data Breach: Who did it, lawsuits, and more. See our 2018 Marriott data breach coverage stories.]