
Clear language key to data breach communications
Data security incidents are everyday occurrences, impacting even companies that seem well prepared. Beyond hardening IT infrastructure, communication plays an important role in security because hackers and other "threat actors" continually attempt to use "human engineering" tricks to get into secure systems.
And when an incident occurs, clear communication to customers, investors, regulators and others is essential, both because it's the right thing to do and because it's required by law in many instances.
As bad as the latest AT&T data breach may be, the company's public disclosure is a good example of clarity. It includes a timeline of the incident, a clear and credible explanation for why the disclosure was delayed until now, and, most importantly, this description of what was and was not accessed:
"The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network."
Among other things, this section proactively addresses the most likely questions that anyone hearing about the incident would ask. Too many organizations bury this kind of information or don't provide it at all.
Here's a link to the AT&T Form 8-K:
https://lnkd.in/e9apGmmw
Media coverage includes: