This week, human resources data analytics company Zeroed-In Technologies sent out data breach letters to 2 million people who were affected by an August breach of its systems, including customers of retailers Dollar Tree and Family Dollar.
A Fort Myers, Florida-based data company, the company provides a cloud-based HR analytics platform to collect, analyze, and visualize workforce data. According to the company’s website, it has 30K registered users.
Zeroed-In discovered suspicious activity in some of their systems on August 8th, 2023. Their investigation concluded August 31st and three months later on November 27th, they informed the Maine Attorney General’s office and began sending out notification letters. The company claims it’s “providing notice to individuals and regulators, as required.” But Florida law requires companies to report breaches in 30 days or less:
Florida Statutes 501.171
- (3) NOTICE TO DEPARTMENT OF SECURITY BREACH.—
- (a) A covered entity shall provide notice to the department (of Legal Affairs) of any breach of security affecting 500 or more individuals in this state. Such notice must be provided to the department as expeditiously as practicable, but no later than 30 days after the determination of the breach or reason to believe a breach occurred.
“… Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates.” Files accessed in the hack included:
Troy Batterberry, CEO and founder, EchoMark:
“When these serious breaches happen, “time to detect” and “time to remediate” are critical benchmarks to stop the “information bleeding”. Logging and monitoring are important aspects of the forensics analysis to detect and remediate breaches. However, we know they often do not go nearly far enough to pinpoint the source of data exfiltration quickly. This is especially true when an insider is involved, or their computing assets have been compromised. Information watermarking is a new technology that can help expedite time to remediate and help get the business up and running again.”
Let’s see what Florida does to Zeroed-In Technologies as it appears that Florida law was not followed in this case. And if that’s true, I hope that Florida makes an example of this company as that will give others a huge incentive to play by the rules and do what they are supposed to do when it comes to data breaches.
Like this:
Like Loading...
Related
This entry was posted on November 29, 2023 at 5:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Two Million Impacted By HR Analytics Platform Breach
This week, human resources data analytics company Zeroed-In Technologies sent out data breach letters to 2 million people who were affected by an August breach of its systems, including customers of retailers Dollar Tree and Family Dollar.
A Fort Myers, Florida-based data company, the company provides a cloud-based HR analytics platform to collect, analyze, and visualize workforce data. According to the company’s website, it has 30K registered users.
Zeroed-In discovered suspicious activity in some of their systems on August 8th, 2023. Their investigation concluded August 31st and three months later on November 27th, they informed the Maine Attorney General’s office and began sending out notification letters. The company claims it’s “providing notice to individuals and regulators, as required.” But Florida law requires companies to report breaches in 30 days or less:
Florida Statutes 501.171
“… Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates.” Files accessed in the hack included:
Troy Batterberry, CEO and founder, EchoMark:
“When these serious breaches happen, “time to detect” and “time to remediate” are critical benchmarks to stop the “information bleeding”. Logging and monitoring are important aspects of the forensics analysis to detect and remediate breaches. However, we know they often do not go nearly far enough to pinpoint the source of data exfiltration quickly. This is especially true when an insider is involved, or their computing assets have been compromised. Information watermarking is a new technology that can help expedite time to remediate and help get the business up and running again.”
Let’s see what Florida does to Zeroed-In Technologies as it appears that Florida law was not followed in this case. And if that’s true, I hope that Florida makes an example of this company as that will give others a huge incentive to play by the rules and do what they are supposed to do when it comes to data breaches.
Share this:
Like this:
Related
This entry was posted on November 29, 2023 at 5:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.