The FBI views companies hit by cyber attacks as victims and will not rush to share their information with other agencies investigating whether they failed to protect customer data, its chief said Wednesday.
BOSTON (Reuters) — The FBI views companies hit by cyber attacks as victims and will not rush to share their information with other agencies investigating whether they failed to protect customer data, its chief said Wednesday.
Christopher Wray, director of the Federal Bureau of Investigation, encouraged companies to promptly report when they are hacked to help the FBI investigate and prevent future data breaches.
He contrasted the FBI’s approach to that of other regulators and state authorities. Without naming other agencies, Wray referred to “less-enlightened enforcement agencies,” some of which he said take a more adversarial approach.
“We don’t view it as our responsibility when companies share information with us to turn around and share that information with some of those other agencies,” Wray said in response to an audience question at a cyber security conference at Boston College.
Amid a wave of high-profile data breaches at major corporations, the Federal Trade Commission (FTC) and state attorneys general are investigating how many of them secured consumer data before they were hacked.
Equifax Inc, which suffered a breach in 2017 that compromised the data of more than 147 million consumers, is fighting a lawsuit by Massachusetts Attorney General Maura Healey and faces probes by over 40 other states and the FTC.
Ride-sharing company Uber Technologies Inc [UBER. UL] is also facing investigations by state attorneys general after a data breach of 57 million accounts.
Uber has been sued by the states of Washington and Pennsylvania, and like Equifax faces private class action lawsuits over the breach.
Speaking at the conference, Wray said the FBI needed to partner with the private sector to combat an evolving threat that has “turned into full-blown economic espionage and extremely lucrative cyber crime.”
Wray, who took over as director in August, said in order to prevent cyber threats, companies should approach the FBI as soon as they see signs of unauthorized access to their computer systems or malware infesting them.
“At the FBI, we treat victim companies as victims,” he said.