Date: 2020-12-12

I bet they end up paying it.
Well actually, paying can make the company end up in major trouble. The government advises not to. The main problem is what is stopping whoever has the data from basically "blackmailing" the company with it and asking for another ransom at a later date.
They've been pwned and now need to focus on security and move on. Their data is already out there.
Note from the article: "A receptionist said the company was holding its Christmas party on Friday afternoon and management would comment next week."
"She said the company’s IT division was looking after the matter and “things will be under control”."
Nope. Once data is extracted there is no way to bring it back "under control".
"Staircase is not licensed by the Financial Markets Authority so it was not required to notify it of a security breach."
The Privacy Act 2020 requires the reporting of serious privacy breaches to the Privacy Commissioner and to affected people - regardless of which industry your company is in.
Overall, this company is just doing everything wrong.
And paying is not the solution.
freitasm:
And paying is not the solution.
Could not agree more. A lot do pay though, from my understanding.
Surprised they didn't pay it. Typically you see a 3rd party being used to "recover" or "secure" the data for a fee slightly above the ransomware price. It's fairly common to pay if you have the money overseas.