Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Customers Ticked Off Over Breach Notification

Majority of customers have had their data exposed more than once, study says

Apr 17, 2008 | 08:40 AM

By Tim Wilson
DarkReading

Consumers are mad as hell about corporate security breaches, and they aren't going to take it anymore. Well, about a third of them aren't, anyway.

Some 31 percent of customers who have been notified of the possible exposure of their personal information have terminated their relationship with the breached company, according to a study published earlier this week by the Ponemon Institute and security vendor ID Experts.

More than half of the respondents (55 percent) said they have been notified more than once over the last two years about a breach involving their personal data. Eight percent said they have received four notifications or more.

In the study, consumers also groused about the way they were notified of the breaches. More than 55 percent of respondents said they received their notifications more than one month after the incident, and more than 50 percent of respondents rated the timeliness, clarity, and quality of the notifications as either fair or poor.

Only 2 percent of respondents who had been notified of a data breach said they had definitely experienced identity theft as a result of the breach. Sixty-four percent said they weren't sure if they had fallen victim to identity theft.

Twenty-six percent of respondents took no action after being notified of a breach. Fifty-seven percent said they lost trust and confidence in the breached organization.

— Tim Wilson, Site Editor, Dark Reading


Subscribe to RSS










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability:cxf
Published:2010-08-19
Severity:High
Description:Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
Vulnerability:libvirt
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Vulnerability:libvirt
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Vulnerability:libvirt
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
Vulnerability:libvirt
Published:2010-08-19
Severity:Low
Description:Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.


Briefing Centers
POWERFUL INFORMATION
AT YOUR FINGERTIPS
(SPONSORED LINKS)