Shostack + Friends Blog Archive


"Suffering in Silence With Data Breaches"

That’s a huge loophole that could be used in almost every incidence of stolen data, said Dan Clements, CEO of, a company that tracks the sale of stolen credit cards on the Web. Every law enforcement agency that receives a crime report is going to consider the case “under investigation,” he said.

“Only about 10 percent of the merchants do the right thing and notify customers when there is a compromise,” Clements said. “Most want to sweep the hack under the rug. Their motivation is clear; they don’t want to lose their customers’ trust.”

From “Suffering in silence with data leaks,” by Greg Sandoval. That’s a stunning assessment of how bad the problems are. No wonder businesses are lobbying like mad to be allowed to keep customers in the dark.

2 comments on "Suffering in Silence With Data Breaches"

  • Alex Hutton says:

    Funny, but I’ve been meaning to study the effect of reputation loss for B2C incidents vs. B2B incidents.
    My initial guess is that the aggregate consumer base and Wall St. are forgiving of B2C incidents (Lowe’s, Best Buy, DSW, Citibank, etc…) but a B2B incident involving a non-public company in a subservient position (card services, for example) has a much higher probability of significantly negative reputation impact.
    In fact, I’m guessing that if you use the FAIR Risk Management’s 6 Loss Forms (Productivity, Response, Replacement, Fine/Judgements, Competitive Advantage and Reputation), I would argue that for B2C, reputation and competitive advantage are the areas of least concern.

  • Chris Walsh says:

    How would you propose to obtain data on private firm valuations in order to do your analysis? (or would you be looking at something else?)
