With the recent lastpass and norton lifelock breaches of password managers, this might be the time to publish this article I had recently read in regards to strengthening the timeline in which we get notified.
With the lack of transparency from Lastpass, this will definitely change the game on how companies work.
The article is titled FCC proposes stronger data breach rules, faster notifications for telecoms and I hope it goes beyond telecoms and to all companies.
As we’ve learned throughout the Lastpass fiasco, no company is safe anymore, and Norton’s Lifelock password manager is not necessarily at fault, but targeted just the same.
Just like companies like Freshbooks, who wasn’t necessarily targeted but was used as phish bate, we know that they were transparent on letting customers know as well as putting out a blog post.
If they can do it, even though they were never breached, why can’t other companies? They’re just as small as the JRN, although they have employees and they service more than the JRN, they still did it.
As we’ve learned through Lastpass’s fiasco, a conversation I had with a technologist on twitter indicated they weren’t forthright, and it shows with podcast 905 of Security Now.
While the article talks about the fact that telecoms once had a 7 day waiting period, a week is way too long. And just like with Lastpass, no major company really told us what really ahppened, and continues to promise us that it won’t happen again.
I’d personally rather hear that we’ll do our best to make sure it doesn’t happen again, not “it won’t happen again.” We have no assurance of that, now do we?
There’s more to the article, but if the FCC can possibly change the telecom industry, maybe other companies will notice outside of that industry.
I guess we’ll see what happens, and btw this only affects the U.S. and not other countries.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.