How to figure out if a data breach is a hoax
The notoriety that comes with taking credit for a data breach is alluring. Declaring a successful data breach can suddenly bring a lot of attention, which is why posting bogus data is attractive.
For companies and organizations, it’s a real headache, since an allegation of a breach can immediately pose public relations challenges.
“The speed of the news cycle is a lot faster than the speed of the incident response process,” said Allison Nixon, a threat researcher with consultancy Deloitte.
Nixon wrote a paper describing some non-intrusive techniques for figuring out if a data breach is legitimate. The paper, she said in a phone interview on Wednesday, is intended to allow third parties to get a sense whether a leak is real.