2019: The Year of the Data Breach, Again…
“Magic 8 ball, will 2019 be the Year of the Data Breach…again?”
Our VP of Compliance says: All signs point to YES.
With the passing of laws like GDPR and PIPEDA, the Marriott Breach, New York Department of Financial Service’s cybersecurity rule deadlines, increased SEC enforcement, and increase in data breach lawsuits, by the time last December ended, there is no doubt that all industry specialists could not wait to label 2018 as the Year of the Data Breach. However, as we sit in the dawn of 2019, it is becoming ever increasingly clear, that 2019 will in fact be, the Year of the Data Breach, Again.
Following a 500 million user account data breach in September, Yahoo has just announced that they have once again suffered another breach of an estimated one billion accounts. Yahoo disclosed in November, that the company was provided with data files from law enforcement claiming to be Yahoo user data. Outside forensic experts, in conjunction with Yahoo, have determined that it is in fact Yahoo user data, that was obtained by an unauthorized third party in August of 2013. The party responsible for the intrusion has not yet been able to be identified. This incident has been diagnosed to be separate from the incident in September 2016.
Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well. Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.
Currently, Yahoo is identifying and notifying potentially affected users and instructing them to change passwords immediately. Additionally, Yahoo is removing all unencrypted security questions and answers from affected users so that hackers cannot use those answers to break into users accounts.
As 2016 comes to a close, it seems to appear to be the “Year of the Breach” with reports of eight major breaches involving well-known companies. Obtaining large amounts of data is key for these hackers, so companies most vulnerable are those which hold a large amount of personal data on their customers, including Social Security numbers, birthdates, home addresses and even medical records.
Digital Edge’s Security Operation Center (SOC) protects your organization’s intellectual property and sensitive data. Digital security threats are real and it is better to be able to detect and respond to them as quickly as possible. It is difficult for organizations without a comprehensive incident-handling capability to create a proactive SOC team. These capabilities have to include tools and processes that enable centralized security threat visibility, instant alerting, and efficient troubleshooting. Digital Edge’s SOC is ready to deliver those capabilities and provide security coverage for your organization today.
For more information on this new Yahoo hack, and tips to help keep your password safe and secure, please click here.