On Thursday evening, 60 suspected gas fires broke out in three Massachusetts towns north of Boston. Naturally, people wondered about the cause.
Some accounts on Twitter began to speculate, baselessly, that the explosions were the result of hacking. One hacker-activist with a large following stoked the rumor mill by asking whether anyone else suspected the fires “might be some kinda of cyber attack targeting SCADA systems?” (SCADA systems, or supervisory control and data acquisition systems, refer to industrial control hardware often used in power plants.) Another Twitter account followed this up with an unsupported claim that U.S. agencies were “looking for traces of weaponzied stuxnet virus,” referring to a malware program, widely attributed to U.S. and Israeli intelligence agencies, that knocked out Iranian nuclear centrifuges in the aughts.
Industry professionals swiftly tamped down on the unsubstantiated gossip. Rob M. Lee, CEO and founder of Dragos, a startup that specializes in industrial cybersecurity, approached the incident with characteristic level-headedness. “[T]hese events sadly happen and cyber is often the least likely answer,” he wrote in a tweet. “[T]he folks involved will be focused and thorough to find the root cause. I.e. wait.”
Kudos to the cooler heads, like Lee, who urge caution while officials sort this mess out. I tend to agree with Kevin Mandia, CEO of cybersecurity firm FireEye, who told a Senate committee this week that frequent talk of an impending “cyber Pearl Harbor”—a theoretical attack that could cause national power outages—distracts from the real threat. As Mandia put it, “I believe that our nation is more likely to face an enduring, more protracted cyber campaign akin to ‘cyber trench-warfare.’”
Indeed, and so often that trench warfare takes the form of disinformation run amok online.
The ransacking of Equifax has had at least one positive outcome. Next week a federal law kicks in that will force the big three credit bureaus—Equifax, Experian, and TransUnion—to provide fee-less “security freezes,” hold orders on credit files that help prevent identity theft. Starting on Sept. 21, the credit bureaus will no longer be allowed to charge for the service—a long overdue reform. Brian Krebs, an investigative cybersecurity journalist, has a nice write-up of the upcoming policy change on his website.
Have a great weekend.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.