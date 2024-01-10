A hack of one of the country’s largest entertainment conglomerates festered for months before it was discovered - and even then, the company didn’t alert the public.

National Amusements is the parent company of CBS and Paramount.

The company finally admitted in December of 2023 that private data, including social security numbers, pin codes and passwords was stolen from at least 82,000 people, beginning in December of 2022.

Tony Sabaj with cyber security giant Check Point tells KRMG a new rule may have forced their hand.

The Securities and Exchange Commission (SEC) promulgated the rule in July of 2023, and it went into effect December 18th of that year.

“If you make a ransom payment, that has to be reported to the government within 48 hours,” Sabaj told KRMG. “Any type of intellectual property that was stolen, or any personally identifiable information that was stolen, has to be reported with 72 hours.”

KRMG found some conflicting information online, which indicates most companies have four business days to report.

There are also exceptions - if the company can demonstrate that reporting publicly would endanger national security, or public safety, it can request an exemption of 30 days, up to 120 days, though there’s confusion on how that process works.

Some in the industry have argued that mandatory reporting can harm investigations designed to identify the criminals involved and bring them to justice.

However, the National Amusements incident provides an example of how delay could potentially impact the secondary victims - in this case, employees or possibly customers of the company which suffered the security breach.

“At this point, a lot of the damage has already been done,” Sabaj points out. “It may be credit/debit card information, with PIN numbers, with addresses, with ZIP codes out there that make it much easier to use and sell your credit card information online.”

Ultimately, it’s up to individuals to do all they can to protect their data and their assets.

Experts advise people to use long passwords, unique to each account (and/or use a password manager), and never re-use them.

Two-factor authorization is also highly recommended.

It’s also important to monitor one’s bank and credit accounts regularly for unusual or fraudulent activity.







