With the world revolving around online services and products, consumers are more willing than ever to give out their personal information. However, businesses often don’t recognize the vulnerabilities of their cyber security system, or the risks of data breaches, leading to increased risk for a data breach. For small and large businesses, this proves costly. 

Unfortunately, there had to be a few guinea pigs to learn from. Particularly over the past decade, we’ve witnessed a multitude of data breaches from large companies. In this blog, we’ll be taking a deep dive into where things went wrong, and what lessons we can learn from these tragic data breaches.

Yahoo

Date: 2013-2014

Users impacted: 3 billion

What happened? 

The 2013-2014 data breach wasn’t revealed until 2016, when Yahoo experienced another cyber attack. The 2016 attack compromised over 500 million user accounts, with cyber criminals gaining access to personal information like email addresses, birth dates, and phone numbers. When this happened, they issued another statement on the 2013 breach, stating that hackers compromised over 1 billion accounts. In addition to personal information being leaked, security questions and answers were compromised. 

What can we learn?

The biggest lesson learned from Yahoo’s years of data breaches is that these situations shouldn’t be downplayed. Yahoo released their information slowly, and provided little to no information on how users can protect themselves in the future. It made people feel like the breaches were being swept under the rug, that Yahoo was hiding something. This led to a decrease in trust in the brand, and ultimately to their buyout from Verizon in 2017. Moral of the story is: businesses should always be transparent, quick, and apologetic in their statements. 

eBay

Date: May 2014
Users impacted: 145 million 

What happened? 

In May 2014, an online auction at eBay led to the loss of names, addresses and birth dates of millions of users. It was determined that hackers gained access to the information by using the login information from three corporate employees. They had access for over 200 days, which was enough time to hack the user database. 

What can we learn?

The biggest lesson to take away from this breach is that employee access should be controlled, and employee cyber security training is incredibly important. Multiple levels of authentication should be in place, especially for those who have access to sensitive data. In addition, businesses should consider restricting sensitive data within the company to only those who really need it.  

Equifax

Date: July 2017
Users Impacted: 143 million

What happened? 

In 2017, Equifax announced that a data breach occurred due to a vulnerability in their application. The breach was discovered in June, however Equifax admitted that it likely began as early as mid-May. Social security numbers, drivers licenses numbers, and credit card information were only a few bits of personal information leaked. And to make things worse, they announced the breach was caused by the neglect of one, single employee. And this employee? He was a music major, hired as Chief of Security. 

What can we learn? 

The biggest lesson here is to hire the right people. Cyber security is not something to be taken lightly, and requires someone with extensive experience. If you want to avoid catastrophic data breaches, hire the best people. 

If you’re looking to protect your business from a data breach, you’ve come to the right place. Thinline Technologies provides a variety of cyber security services, and can take extensive measures to ensure your company doesn’t go under attack. Visit our services page for more info, or contact us today to learn more.