Nationwide Insurance wants to keep possible weaknesses in its digital infrastructure under wraps as state and federal investigators look into its October security breach that left 1.1 million Americans' information exposed. The company has hired a legal firm to conduct an investigation of the security breach, granting the results the protected secrecy of attorney-client privilege, reports The Wall Street Journal. The new practice is being adopted by many companies that have fallen victim to cyberattacks, leading some law firms to begin specializing in this type of data-breach investigation. Frequently, the legal counsel will contract a data security firm to perform the actual analysis.
Nationwide's move may protect it from disclosing potentially harmful findings, but it's possible that a third-party investigation — whose results would be public, not private — could still be mandated. The company's reticence comes as the US government is pushing for greater openness from private firms as the risk of a major cyberattack rises. Nationwide may decide to share information found during the investigation, but having legal counsel will allow the company to more carefully consider any findings that it wishes to publish.