
Data Breaches Are Increasing: Do You Have Basic Preparations in Place?

If the U.S. district judge approves the settlement, Yahoo will pay tens of millions of dollars to settle a lawsuit stemming from a series of data breaches that affected as many as three billion email accounts worldwide.

The settlement would require Yahoo to pay $50 million in compensation to 200 million Yahoo users in the United States and Israel. Yahoo would also pay an additional $35 million in attorney fees and provide two years of credit monitoring to affected individuals, as well as a compensation package to small businesses and individuals that suffered losses from the breaches.

The data breaches started in 2013, but were not revealed until Verizon purchased Yahoo in 2016. Yahoo is now owned by Verizon and Altaba, which will each pay half of the settlement amount.

In 2017, the U.S. Department of Justice charged two Russian intelligence officers with conspiring to steal the data of 500 million Yahoo users in 2014. They allegedly used the data to target U.S. organizations and individuals, including the White House. Clyde Hughes, "Yahoo agrees to pay $50M for breach that hit billions of accounts," upi.com (Oct. 24, 2018).


Commentary

Covering up or ignoring a data breach will result in litigation and fines. Although it can be costly, properly addressing a data breach is the only option, and will cost less in the long run than ignoring it.

According to the Identity Theft Resource Center’s 2017 Annual Data Breach End-Year Review, there were 1,579 breaches in the U.S. that year, which is a record high. Criminals stole 178,955,069 records in the breaches.

The “business” category was the hardest-hit sector in 2017, followed by the medical/health care industry. The education, banking, and government sectors also experienced data breaches.

Having a strong cybersecurity policy will go a long way toward protecting your organization from a data breach, but you could still experience one. If you do, it is essential to handle the situation properly to reduce exposure. Do not assume that you can ignore one breach because you have cybersecurity practices in place and another breach is unlikely.

First, have a skilled assessment team of cybersecurity experts analyze the extent of the breach, including how it occurred, what was stolen, and who was affected. Once the assessment team has determined this information, notify the affected individuals as soon as possible, following your state’s laws for notifying those affected by a data breach. If credit card numbers or personal information that could be used for identity theft was compromised, provide free credit monitoring services to those affected.

Also, have your in-house or outside cybersecurity team determine what security measures your organization should establish to shore up any vulnerability that possibly led to the breach and to help prevent a future successful attack.
