MyHeritage Has Shown How To Effectively Communicate And Investigate An Incident Post-GDPR

By ISBuzz Team
Writer, Information Security Buzz | Jun 07, 2018 02:30 am PST

Samantha Humphries provides insight below on the incident in which 92 million MyHeritage user accounts were compromised, discussing the incident and how GDPR now comes into play for data breaches. According to reports, the genealogy website and DNA testing service suffered a data breach in which the email addresses and hashed passwords from its customer database were found on a private server.

Samantha Humphries, Senior Product Marketing Manager, Global Markets & Compliance at Rapid7:

“MyHeritage’s disclosure of the breach is a prime example of both how to effectively communicate an incident and in what timeframe. GDPR does necessitate that an organisation disclose a breach within 72 hours of being alerted to the incident, which MyHeritage apparently beat. But, more importantly, they performed a rapid investigation to verify the incident, explained the way in which they had hashed the passwords and even unveiled early plans for future two-factor authentication implementation.

“While compliance is never a replacement for securing sensitive data, regulations like GDPR are not simply about sending out an abundance of opt-in emails. Rather, when followed correctly, GDPR is a valuable guideline to help companies investigate incidents quickly, notify the public about a breach in a timely manner and further help protect people’s information.”
