Pages

Thursday, April 15, 2021

Radio Silence on Accellion Breach - Part 5

There still isn't much to be heard about the Accellion data breach from the powers-that-be. The Regents were apparently briefed at a closed meeting on April 2:

One faculty member - no, it wasn't yours truly - responded to the various emails that have circulated from on high suggesting registering for one year of free identity theft monitoring. From a reply email that went to the entire department:

Well, it has now become commonplace for any organization that has a data breach to simply offer one free year of credit monitoring. Probably the organization consults "legal" and "legal" says just do whatever others do. It becomes an equilibrium and of course the organization is advised not to express any empathy by "legal".

One year of free Experian does not even come close to the inconvenience and even stress experienced by employees. SS# leaks have become commonplace, but I was aghast to see the casual admittance that unencrypted direct deposit *bank account numbers* and names have been leaked. Accellion needs to be held accountable and the accountability needs to directly flow to employees.

Also, note that Experian will rely on "autorenewals" at cost to employee after the "free" period!  Thus, if a fair compensation is to be on the table, I'd suggest a 10 year free monitoring proposal.  And even that would be inadequate...

There isn't much to add to the sentiments above.

No comments: