A leading lawyer is calling for a review of how hack attacks are reported to firms when they are uncovered by a third party, after one security firm was accused of holding victims to ransom.
The move follows the discovery of what is claimed to be the largest ever cache of stolen data – amounting to over 1.2 billion personal records – by Hold Security.
The Russian gang behind the theft of the user name and password combinations and more than 500 million email addresses has been tracked down in a small city in south central Russia, in the region flanked by Kazakhstan and Mongolia.
But no details have been released of the companies which have been hacked and Hold Security is now charging businesses $120 (£71) a month for a “breach notification service” to discover whether they have been attacked.
Osborne Clarke lawyer and partner James Mullock said: “An interesting feature of the attack having been uncovered by an independent security firm is the unstructured process by which news of which businesses have been hacked reaches those organisations.
“There is currently little legislative guidance regulating how that process should operate and it appears ripe for review.
“Businesses with a digital presence will be waiting with bated breath to learn whether their users are affected by this reported attack. It’s a nasty reminder of the cyber risk threat which organisations face in 2014 and the need for boards to be prepared for attacks such as this.”
Hold Security founder and chief information security officer Alex Holden said: “Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable.”