Date: 2020-12-16

Expert Comments

Irish Twitter Fine Is Seasonal Reminder That Hackers Don’t Take A Break

George Glass, head of threat intel at UK cybersecurity business 

George Glass
Head of Threat Intelligence
Redscan
This case highlights the need for organisations to have well-rehearsed incident response procedures in place
“One of the key issues concerning the commission’s decision to fine Twitter is whether the organisation complied with its obligation to report the breach within 72 hours. The area of contention is the length of time it took from the security vulnerability first being disclosed to a third party, to being reviewed by Twitter’s in-house security team, and then a breach notification report being submitted to the Data Protection Commission. Uncertainty around Twitter’s reporting of the facts surrounding the discovery of the vulnerability and notification of the breach meant that the commission was not able to ascertain whether the tech giant had complied with its obligations. The investigator was of the initial understanding that Twitter had become aware of the breach on the 26th December 2018, eight days prior to a breach notification being submitted. This case highlights the need for organisations to have well-rehearsed incident response procedures in place, and include third parties in such plans. As part of its response to the investigation, Twitter claimed that the ‘Winter holiday schedule’ impacted the time that it took to review the vulnerability and establish its impact. As we head into another holiday season, organisations must remember that information security and data compliance do not take a break for Christmas, even if they do.”

