Fake data breaches: Countering the damage

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions.

Earlier this year, a hacker on a criminal forum claimed to have stolen data on some 50 million Europcar customers. After investigation, the car rental company determined that the data claimed to have been stolen was completely bogus.

In February 2024, someone created a fake news story claiming a major data breach at the Maine Attorney General’s office and tricked the Attorney General’s office into posting it on their website. Epic Games, maker of Fortnite was a victim of a fake data breach by a cybercrime group that claimed without evidence it had absconded source code and sensitive user data.

Such fabricated attacks create panic and damage business reputations.

Unlike notorious and sophisticated cybercriminals with a reputation to maintain, novice hackers and amateurs can easily resort to such hoaxes. They can manipulate social media to spread misinformation and profit from the chaos. It doesn’t take much effort — a simple ChatGPT prompt can generate an entire database worth of realistic-looking records. Attackers can then try to sell this made-up information (like email addresses, passwords, credit card numbers), claiming it’s from a hacked company.

The exposed data may be fake, but these breaches can cause problems.

Why fake data breaches matter

Fake data breaches can hurt an organization’s security reputation, even if it quickly debunks the fake breach.

Whether real or fake, news of a potential breach can create panic among employees, customers, and other stakeholders. For publicly traded companies, the consequences can be even more damaging as such rumors can degrade a company’s stock value.

Fake breaches also have direct financial consequences. Investigating a fake breach consumes time, money, and security personnel. Time spent on such investigations can mean time away from mitigating real and critical security threats, especially for SMBs with limited resources.

Some cybercriminals might deliberately create panic and confusion about a fake breach to distract security teams from a different, real attack they might be trying to launch. Fake data breaches can help them gauge the response time and protocols an organization may have in place. These insights can be valuable for future, more severe attacks. In this sense, a fake data breach may well be a “dry run” and an indicator of an upcoming cyber-attack.

Minimizing fallout

A robust cybersecurity posture can effectively mitigate the impact of fake data breaches, just as it does with real breaches.

Here are some best practices organizations can implement to stay ahead of emerging cyber threats and tactics:

1. Investigate potential data breaches

Avoid immediately jumping to conclusions. Instead, investigate the validity of a breach claim before taking drastic measures like public disclosure and announcements. Having a dedicated team for verifying and investigating the authenticity of a data breach, alongside a clear public relations strategy, can enable organizations to disseminate accurate information quickly and mitigate the reputational harm of a false claim.

2. Have a clear communication plan

To avoid a situation like the one the Maine Attorney General’s office found themselves in, it’s important for organizations to have a plan in place for a suspected data breach. Establish clear communication channels and hierarchies to avoid panicked disclosures based on unconfirmed information. A well-defined plan can ensure everyone is onboard regarding who will speak on behalf of the company, what information will be disclosed, who should be contacted, and when. This not only minimizes confusion and panic but also allows the organization to take control of the narrative and demonstrate its commitment to data security.

3. Establish robust monitoring and alerting

Implementing proactive security measures with centralized monitoring and alerting capabilities can help organizations identify anomalous activities indicative of a genuine threat, even while investigating potential false alarms. Converged security controls like SASE (Secure Access Service Edge) can provide a clearer picture of all network activities, enabling organizations to confidently determine the legitimacy of a breach claim. SASE solutions can quickly identify suspicious access attempts using stolen or even fake credentials.

4. Use canary tokens

Canary tokens can be valuable for detecting and responding to fake data breaches. They are a set of strategically placed fake login credentials, not intended for actual use. If someone tries to use them for accessing the corporate network, it indicates a breach or an ongoing breach attempt and triggers an alert for rapid remediation. Canary tokens not only help identify real threats quickly but also assist in identifying fake data breach claims if the tokens are not used.

By following these practices, companies can minimize the damage caused by fake data breaches and maintain customer trust.