This is not good. Not good at all. Companies are getting hit with ransomware, and not disclosing that the data, your data, is out there. I wonder how many of these companies are actually in places with data breach laws and are now facing some fines for that as well?
“According to Emsisoft threat analyst Brett Callow, one recent dump of a Canadian company’s data included employee “names, home addresses, social insurance numbers, tax forms, earnings details, health insurance numbers, banking information, drug test results, etc.”. The company failed to notify employees of the breach.
None of these breaches have been reported publicly by their victims. “The lack of disclosure obviously means that customers/clients/vendors/partners do not know that their data is now in the hands of cybercriminals and can be downloaded by anybody with an Internet connection,” Callow told Ars. “And that means they do not know that they should set up credit monitoring, notify their financial institution, be on the lookout for scams or spear phishing attempts.””