What Went Wrong? 5 of the Biggest and Most Notable Data Breaches
Suffering from a data breach isn’t something that should be taken lightly. Data breaches have repeatedly proven to be serious threats that hurt organizations in many ways. For starters, they cause downtime within the organization. ITIC’s latest survey data finds that 98% of organizations say a single hour of downtime costs over $100,000; 81% of respondents indicated that 60 minutes of downtime costs their business over $300,000. And a record one-third or 33% of enterprises report that one hour of downtime costs their firms $1 million to over $5 million.
If the cost of downtime isn’t bad enough, there’s also reputational damage that companies have to deal with. According to the 2017 Cost of a Data Breach report by IBM, 46 percent of companies have suffered reputational damage due to a data breach. Damage to reputation can not only hurt a company financially but also possibly shut it down for good. Despite all of this, many companies of all sizes and across industries still fall victim to data breaches every year.
Here are five of the most notable data breaches in recent history.
Equifax
The situation:
Approximately 143 million Americans had their sensitive personal information exposed in the data breach. Equifax, a consumer credit reporting agency, had unpatched software within their systems. Through this security hole, hackers were able to send malicious code to the servers (a method known as remote code execution) and then force the server to release the customer data.
What needed to happen:
Equifax needed to patch their software vulnerabilities. By allowing themselves to slip up on routine software maintenance, they released critical information of many millions of people. They needed a dedicated team of network security experts to consistently monitor their software and alert them as soon as they detected suspicious activity.
Oklahoma University
The situation:
The personal information of more than 29,000 students was released. This information included grades, financial aid information, and Social Security numbers since 2002. The files became accessible to any OU account holder through Microsoft Delve, a file-sharing program. The breach was quickly detected by the school’s IT department, which shut down the systems immediately after noticing.
What needed to happen:
Unlike the others in the list, the Oklahoma University incident was not a traditional data breach. It didn’t occur due to a malicious attempt at hacking; rather, it happened due to improper sharing settings. To avoid this, organizations need to ensure that their IT provider is knowledgeable about security settings and sharing best practices. Having a site where critical information is stored improperly can quickly lead to a data exposure situation much like that of OU.
Yahoo
The situation:
A grand total of three billion Yahoo accounts were breached, resulting in the release of all names, email addresses, telephone numbers, and passwords to hackers. Although it occurred in 2013, Yahoo didn’t disclose the breach until 2016. They sent emails to all accounts urging them to change their passwords and to reset all information for added security.
The breach itself was achieved by hackers that forged skeleton keys within Yahoo’s backup user database. Through this, the hackers were able to test and inject malware into the system to create fake cookies, which systematically allowed them to mask themselves as users. Though a relatively slow process, the hackers managed to affect all accounts in a total of three years.
What needed to happen:
Simply put, Yahoo needed tools that helped them see what was happening. They had three years to stop the breach from happening, but were unaware and unable to do so due to their poor visibility. For a company as big as Yahoo, deep network scans and constant security audits are paramount to proper network security.
eBay
The situation:
In 2014, the e-commerce giant eBay suffered from a catastrophic cyber attack. This attack caused a data breach that released the personal information of 148 million user records. This exposed data included name, date of birth, email address, home address, phone number, and password. Though not totally clear to this day, the attack appears to have originated from either a successful phishing attempt or a social engineering scam.
What needed to happen:
With eBay, the answer to stopping the attack was user training. Leaving a large company with little or no end-user training at all is extremely dangerous. After all, it only takes one person to divulge important information before many others suffer. With a top-notch network security partner, eBay could have implemented cybersecurity training seminars to eliminate the risk of falling victim to phishing scams and social engineering attempts.
Your Company
The situation:
You may be surprised to see that you made the cut on the list. Though the other companies on this list are large, it’s usually the smaller guys that suffer. In fact, 43 percent of cyber attacks target small businesses.
Cybercriminals continue to target small organizations because it works. Approximately 75.6% of organizations encountered at least one successful cyber attack within the past 12 months. With such a high rate of success and a target-rich environment, it’s a mystery why businesses leave it up to chance to protect themselves against data breaches.
After all, big companies can suffer from irreversible damage and spend enormous amounts of money in fighting data breaches. On the other hand, small companies are usually unable to handle it, with 60% of small companies going out of business within six months of a cyber attack.
What needs to happen:
For your organization, it’s far from too late to do something about it. Partnering with a team of IT professionals can greatly reduce your chances of ever suffering from a data breach in the first place. And that’s what we’re here to do.
If you’d like to know how we can help you to secure your business, contact us. We’ll get to know your company, your goals, and your network’s vulnerabilities. With the right solutions, we’ll protect you from the risk of a cyber attack or data breach.