There are time limits in many countries with regards to informing about cyber breach by an entity. More often than it is flouted if the enterprise can get away with it. In cases where the hack finds its way into the public domain and likelihood of a huge regulatory damage, some face saving acceptance is made. How much of the feels and loss the enterprises have been able to assuage of the hack victims, there is nothing documented to prove that it has been worthwhile from any point of view. The messy victim treatment which means the customers being treated shabbily has no end.
There has been a news item as recent as yesterday, which blares, “Sea-Tac Airport begins alerting victims in last year’s cyber attack.” The cyberattack happened last August at the Seattle – Tacoma International Airport. Now it said that 90,000 persons have been impacted. What a crazy response, with all laws in place, the Port of Seattle began mailing out notifications only on Friday. Of the impacted most live in Washington, around 71,000. The victims are in a pathetic situation not even knowing what they have lost. Data seems to have become a public football, where the real owner of data is meted with the worst treatment.
The hack was carried out by the ransomware gang Rhysida, as it is told. As expected ransom was demanded, it was 100 bitcoin which at that time was worth around $6 million. What is important to note is that airport and maritime facilities owned and operated by the Port were impacted.Scuh critical operations were impacted for about three weeks. As per the Airport’s Managing Director, Rhysida had posted 8 stolen files on its darknet site after the organisation had decided not to pay ransom. What havoc the data on stolen and leaked files have done to the victims, even they would never know.
What is intriguing is that the victims are left on to their own fate, but of late minimalist positive response is visible in a few cases. People impacted should get notification letters by the end of month. People who have shared information to the port before Aug 2024 and are concerned about it, and don’t receive notification mail, they can contact a Cyberattack call center number provided. This is certainly a positive and a welcome step. What is really encouraging is that the notification includes one year of credit monitoring and identity theft protection services.
IS THERE IS ANY WAY THAT THE HACK VICTIMS CAN BE PROVIDED WITH REMEDIATION, SUPPORT AND COMPENSATION AT THE EARLIEST.
Sanjay Sahay
Have a nice evening.