Under Armour revealed that the company's popular MyFitnessPal app had been hacked last week and began notifying customers on Thursday. The stolen data includes user names, email addresses and scrambled passwords, but the company added that Social Security numbers, driver's license information and payment card data were safe.
The press release states that 150 million accounts were affected.
Why I’m writing this article: Companies experiencing significant data breaches have been releasing minimalistic press releases and hoping that the news media doesn’t notice that a data breach affecting millions of people occurred. Companies are not conspicuously posting notice of the breach on their websites. Wonder why? Because there’s no requirement to conspicuously post it on the company home page.
The only reason we discover that a data breach even occurred at a publicly traded company is the Securities and Exchange Commission (the SEC). The SEC requires a publicly traded company to make financial notifications that may affect investors. Failure to do so could be a criminal violation, and is certainly a regulatory violation.
Under Armour posted the data breach information on their investor relations page because it must be there (a shareholder notification was required); I don’t get the feeling that they posted it there for the sake of corporate transparency. Data breaches should be regulated, and there should be a reporting requirement that includes a conspicuously posted notice on the home page of a company website.
The scarlet ‘B’…