Data Breaches, Privacy Incidents, Pt. 3
There were no reactions found from law enforcement authorities on the reported data breaches for Fitbit and Fossil. Some Fitbit representatives denied that the February 2020 security breach happened. With regard to the Garmin ransomware attack, there was a blanket statement mentioned from the FBI that discourages ransomware targets from handing out ransoms to the cybercriminals. The rest of the available law enforcement reactions or statements surrounding the data breaches or privacy incidents were inputted in the shared spreadsheet, rows 26 - 28, 33 - 34, and 36, and under columns H, I, J, K, and L.
- Based on a statement from a Fitbit representative, the reported stolen email and password incidents last February 2020 did not happen. The last Fitbit security incident happened in 2016.
- As for Fossil, there were no responses found from any law enforcement authority on the data breach incident that happened in June 2019 on its website. The incident impacted 5 users.
- For the Facebook privacy incidents, there were mentions of the various court cases and fines that several law enforcement authorities and federal agencies have imposed on the company. The $5 billion Federal Trade Commission settlement agreement made in 2019 also required Facebook to continue to clean up its data handling practices.
- As for the ransomware attack on Garmin, a statement from the FBI was mentioned where the agency is discouraging cyber victims from paying ransoms to cybercriminals.
To determine the law enforcement’s reaction to the data breaches and privacy incidents, we looked through the given companies' websites, reports, press releases, and other similar sources. We also searched media publications such as Forbes and Business Insider, technology-oriented sources such as Wired and Tech Crunch, and other similar sources. Based on this search approach, we were able to find some indirect statements or accounts of law enforcement authorities' reactions to the data breaches and privacy incidents. However, direct statements from these law enforcement bodies that were specific to these data breaches were extremely limited.
We then checked the websites of the law enforcement agencies (FBI, FTC, SEC, ICO, and others) and some government bodies such as the U.S. Congress to determine if there were direct statements made that were specific to the indicated data breaches and privacy incidents of the given companies. However, most of the statements found were for the bigger cybersecurity incidents of these companies that happened in the past. Law enforcement reactions or statements for the latest incidents listed in the spreadsheet were indirectly referenced from earlier statements or reactions that encompass all future data or privacy infractions of the companies.
We also searched for interview excerpts, studies, and surveys that tackle data breaches and privacy incidents to determine if we can find statements or reactions from law enforcement representatives or officers that specifically tackle the latest cybersecurity incidents of the given companies. However, what we found were mostly general statements on the bigger data breaches or privacy concerns of these companies. There were very limited mentions of the latest incidents that were indicated in the spreadsheet.
Given these search outcomes, we have compiled the relevant findings and helpful information on the insights found with regard to the reactions of law enforcement bodies on the cybersecurity incidents in these companies.