In Cybersecurity, Perhaps Watch What You Say …

The cybersecurity community is often vocal in expressing their feelings around failings related to data breaches. Those with trusted voices can be fairly vocal about the poor security practices involved, and often use social media channels to disseminate their feelings. But a new lawsuit by Ubiquiti against Brian Krebs opens up a whole new debate around disseminating information about suspected data breaches, and ones that are perhaps not proven at a given time. The lawsuit is for $425K in damages:

It states that:

Ubiquiti Inc. files this defamation action because blogger Brian Krebs falsely accused the company of “covering up” a cyberattack by intentionally misleading customers about a so-called data “breach” and subsequent blackmail attempt in violation of federal law and SEC regulations.

The opposite is true: Ubiquiti promptly notified its customers about the attack and instructed them to take additional security precautions to protect their information. Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his…