this post was submitted on 29 Jul 2023
Data Breaches

Information about data breaches, data leaks, ransomware attacks, and other related stories.


Companion communities

Icon attribution

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 point 1 year ago* (last edited 1 year ago) (1 children)

So are the institutions that are breached only criminally or civilly liable if the hackers leak protected data? Otherwise, why would they pay the ransom? It seems like they should have some liability because they didn't safeguard their data properly. I suppose they could be attempting to save their clients' trust even without a monetary penalty. If the hackers leak the data after being paid, does that matter legally? Does the amount paid or demanded affect how much of a penalty is applied?

[–] [email protected] 1 point 1 year ago

As for paying, both the US and the EU deem it illegal. In the US it seems to apply to all businesses; in the EU they have a list of "essential services". The EU can impose fines; the US seems to discourage it, but only a few states have adopted a law that allows imposing fines over a certain amount paid.

Paying can be part of doing business, especially if the data is related to the business itself and not customer data (most businesses don't care about customer data). Hacker groups rely on their reputation, so they are likely not to leak if they are paid the ransom. If they were to lose that reputation by leaking the data even after they got paid, nobody would pay anymore and their attacks would stop being effective.