Will victims increasingly turn to courts to suppress publication of stolen data?
What do you do when you have suffered an embarrassing data breach, your attacker(s) are taunting and criticizing you publicly, and some of your data has already been leaked?
This month, DataBreaches notes that two victims in different countries are both seeking court injunctions in the hope that they can get stolen data removed from public areas of the internet and prohibit others from publishing or republishing it. DataBreaches believes it’s an approach that will be of limited value.
As previously reported on DataBreaches, stolen customer data including medical reports from India’s biggest health insurer, Star Health, was made publicly accessible via chatbots on Telegram. Star Health subsequently sued Telegram and the hacker known as “xenZen,” and obtained a temporary injunction from a court in Tamil Nadu ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.
Commenting on the court order and approach, DataBreaches suggested that an injunction would not be sufficient because the threat actor known as xenZen had already listed the data for sale on BreachForums, a popular hacking forum that has both clear net and dark web sites. Their listing included some sample data and gave potential buyers a way to contact them.
