It is always in the best interests of an organization to do certain things when announcing that consumer data has been breached:
- let the public know what was and was not breached
- let the public know that the organization is taking it seriously
- give people guidance on what they should do if they suspect they are impacted
- assure the public that they are taking steps to tighten up their security
The reader reads these statements from the organization that was victimized and draws its own conclusions from them.
Once the statement has been issued, the media, that is, all the different outlets that deliver news to the public, then decide if the breach is newsworthy. In this instance, only the local media considered the breach worth their reader’s attention. And in this instance, the differences in the way the two local “papers” chose to present the organization’s statement is more interesting than the breach itself.
Compare these two treatments of the same breach:
Cantonrep.com tries to report just the facts of the breach while giving the public some help with next steps:
http://www.cantonrep.com/newsnow/x493674050/Aultman-gift-shop-credit-security-breached
The Press News on the other hand seems to be publishing Aultman’s press release on the subject as if they wrote it:
http://www.the-press-news.com/local%20business/2012/10/24/aultman-hospital-reports-data-breach
How else do we explain the Press News article printing these statements as if the reporter authored them:
“Aultman deeply regrets this unfortunate incident.
Safeguarding the privacy of all customer information is among their highest priorities and one they take very seriously at Aultman Hospital.”
These statements are no doubt true and if they were cited as quotations from the hospital administration– which they probably are– they would be entirely appropriate. But reported as they are, as if the journalist has uncovered these items through an investigation, this amounts to just passing the press release through. Lazy journalism.
{Cyber Security} 