Data Breach liability

Hi all,

I work in IT and today discovered a hole in our data centres network. We are on a managed IT environment and connect to Citrix VM's hosted by the data centre. Essentially I found a way to enter a directory path that should have been restricted. This means that our company's data and other clients of the data centre's data were exposed and I was able to see it. Some of the data is highly sensitive.

My boss asked me to document what had happened along with screenshots to prove that sensitive data was exposed. We then sent this to the data centre. They have now come back and said that I could be legally liable for this, if they have to report it. I haven't tampered, or used it maliciously in any sense.

Are they just trying to spook me because they don't want to disclose that a breach had occurred?

Thanks

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s