"How Companies Time Data Leak Disclosures"

Millions of people's personal data, such as passwords, credit card information, or health information, fall into the hands of unauthorized individuals due to hacking or data processing errors by companies every year. From financial losses to identity theft, the consequences for those affected can be significant. Companies in many countries are required by law to report such incidents to regulatory authorities and notify their customers. As a result, such leaks are often made public. In such cases, a quick response is required to limit the spread of the stolen data and avoid abuse. However, the deadlines set by law allow companies to be flexible in their disclosure timing. In the EU, any data leak that poses a risk to the individuals concerned must be reported within 72 hours. In the US, reporting deadlines range from 30 to 90 days, depending on the state. When Jens Foerderer, a professor of innovation and digitalization at the Technical University of Munich (TUM), and Sebastian Schuetz, a professor of information systems and business analytics at Florida International University (FIU), examined such incidents, they discovered that share prices were relatively unresponsive to data breach announcements. According to Foerderer, leaks harm a company's image and cause customers to lose trust, which should result in a sharp drop in stock market valuation. Their hypothesis was that other news had diverted investors' attention. Using information obtained from the non-profit Identity Theft Resource Center (ITRC), they identified the time of disclosure of over 8,000 data leaks of publicly traded US companies between 2008 and 2018. Then they compared the timing to the dates on which many companies presented their quarterly results. The study backs up the researchers' hypothesis that there was a significantly higher incidence of data breach disclosures on days when other news dominated the headlines. In the case of severe data breaches stemming from internal negligence or errors, as well as leaks of health information or personal identity data, there was a particularly strong correlation between the general news situation and the disclosure date. This article continues to discuss the research on how companies time data leak disclosures. 

Help Net Security reports "How Companies Time Data Leak Disclosures"