Samantha Humphries comments below on the incident in which 92 million MyHeritage user accounts were compromised, and on how GDPR now comes into play for data breaches. According to reports, the genealogy website and DNA testing service suffered a data breach in which the email addresses and hashed passwords from its customer database were found on a private server.
Samantha Humphries, Senior Product Marketing Manager, Global Markets & Compliance at Rapid7:
“MyHeritage’s disclosure of the breach is a prime example of both how to effectively communicate an incident and in what timeframe. GDPR does necessitate that an organisation disclose a breach within 72 hours of being alerted to the incident, which MyHeritage apparently beat. But, more importantly, they performed a rapid investigation to verify the incident, explained the way in which they had hashed the passwords and even unveiled early plans for future two-factor authentication implementation.
“While compliance is never a replacement for securing sensitive data, regulations like GDPR are not simply about sending out an abundance of opt-in emails. Rather, when followed correctly, GDPR is a valuable guideline to help companies investigate incidents quickly, notify the public about a breach in a timely manner and further help protect people’s information.”