We’re well-versed in security breaches by now, but there’s still some uncertainty about whom to blame when things go wrong. A solid example of that is the recent Ascension Breach that involved Rocktop Partners, OpticsML, and various financial institutions in the mishandling of mortgage information.
We’ve delved into the Ascension Breach in a recent article published in Information Management. There are three important takeaways from the Ascension Breach:
- Information security matters – Regardless of the size of your organization, you’re responsible for protecting the privacy of your data. Being a small business is no excuse.
- Risk surface is expansive – Your risk surface isn’t limited to your immediate systems; it’s anywhere the confidentiality, integrity, or availability of your data or transactions are at risk. That risk includes your third- and often fourth-party vendors.
- You’re responsible for investigating your partners’ information security – If your customers have given you data—in this case, sensitive mortgage information—you’re responsible for protecting that information even if you sell it.
- Regulations need to expand – While banks are strongly regulated, entities that deal with financial institutions and interact with their data are often not. Regulations need to regulate every organization that deals with consumer information.
And what about the customer? Where do they stand? Read the full article to delve into the details of the breach.