The Largest Cyberbreaches of All Time: What Can They Teach Us Today? – Total Security Advisor – BLR

Updated: Nov 16, 2022
In 2021, the number of cyberattacks and data breaches in the U.S. increased by 15.1% from the previous year. And the cost of being victimized by cybercrime rose, as well. According to a study by IBM, on average, a single data breach in the U.S. costs a business $9.44 million.
In the first half of 2022 alone, some 53 million Americans had their personal data compromised in a breach. If you shop or manage your financial affairs online, chances are, you’re one of them. You’re probably not aware of every cybersecurity incident that has touched you. Businesses that have been victimized are often lax in notifying individuals when their data have been exposed. That leaves it up to you to stay informed, protect yourself, and take care of your digital life.
Let’s take a look back in time at some of the largest breaches to hit the online community—which, nowadays, includes pretty much everyone—and examine the effect they had on ordinary people. We’ll also recommend ways to find out whether you’ve been affected by a cyber breach, what to do if you’ve been compromised, and how to protect yourself from further exposure in the future.
Founded in 1994, Yahoo! grew into one of the largest web service providers in the world, offering a web portal, a search engine, email services, financial information, and more to internet users. The company no longer occupies the dominant position it assumed as one of the pioneers of consumer web services, but is still a formidable competitor in its business arena. The bigger they are, the harder they fall, though: Over a three-year period, Yahoo! was victimized by a series of cyberattacks.
The first attack was massive and perpetrated by a team of Russian hackers. The company reported that about 1 billion users were affected by it. Later, however, when Yahoo! was purchased by Verizon, we learned that some 3 billion users had actually had their data compromised. Users had their names, email addresses, phone numbers, birthdates, passwords, and security questions stolen, which, in turn, put them at risk for all kinds of fraud, including bogus credit card charges and identity theft. 
In the end, the breach cost Yahoo! $500 million by some estimates. Most significantly, the company was forced to slash its selling price when it was acquired by Verizon by a whopping $350 million. Its reputation was severely damaged as customers lost faith in the brand and Yahoo! simply couldn’t command a premium price in the market.
In addition to the loss Yahoo! suffered during its sale to Verizon, the company was also socked with a $35 million fine for its lack of transparency after a 2014 attack. More than 40 class action lawsuits against the company also ensued. 
In January of last year, Microsoft experienced a data breach of its email servers. Outlook, the company’s signature email app, which is the cornerstone of the company’s Office 365 suite of tools, is the most widely used globally, with more than a million enterprise users. The breach affected 60,000 companies worldwide. In total, some 250,000 servers were compromised over four days.
Hackers gained access to the data held by a wide variety of organizations, from small businesses to government entities. Any company that had an internet connection and locally managed servers was vulnerable to attack. Microsoft was able to provide a patch to fix the flaw in its system, but businesses were on their own when it came to implementing the correction. Those who didn’t act remained vulnerable to repeated attacks. Moreover, since these systems were not housed in the cloud, Microsoft couldn’t seal the leaks immediately. Remediation was slow and businesses remained at risk for an extended period.
The 2021 Microsoft data breach was notable because its perpetrators began ransoming businesses’ data. Hackers were able to encrypt data held on the victimized servers, rendering systems inoperable and crippling the affected businesses. They then demanded money from the businesses they had attacked to return servers to normal.
Equifax is one of the “big three” among credit monitoring bureaus. As such, the company collects a tremendous amount of information about consumers. When you apply for a credit card, mortgage, or even a job, there’s an excellent chance that the person or company evaluating your eligibility will “pull” your credit report and look at how well you handle your debt.
In 2017, the company experienced a data breach that exposed the records of some 147 million citizens. Their names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers and credit card information were exposed. Cyberthieves were able to access records due to a vulnerability in an application attached to one of the company’s websites.
After the breach was investigated, Equifax was forced to reach a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. According to the company, it suffered losses of $1.4 billion. The settlement included up to $425 million to help victims of the breach recover from such damages as fraudulent credit card charges and identity theft. Consumers who were affected by the breach are eligible to apply for relief until January 2024. Like many companies who experience data breaches, Equifax was not entirely transparent about the extent of the danger posed by the breach and was faulted for its slow response in addressing the security risks posed by the breach.
Love it or hate it, Facebook is a social media powerhouse, attracting nearly 3 billion users at present. In 2019, the company suffered a data breach that exposed 540 million records. Information compromised in the breach included phone numbers, user names, genders, and locations. The crime was never attributed to a specific perpetrator. The FTC assessed Facebook a $5 billion penalty for its failure to protect its users’ privacy. The government says it is the largest fine it has ever assessed: 20 times higher than any previously imposed in a data breach worldwide.
In addition to the penalty assessed, the government order required that Facebook entirely restructure its privacy practices. It also included provisions to make Facebook’s corporate leaders personally accountable for protecting the privacy of its users. It instituted greater oversight of the social media giant’s affairs. Facebook must now submit quarterly reports to demonstrate that it is complying with the rules set out by government order.
According to the National Retail Federation, Target rates seventh among the largest retail brands. The company is fortunate to have maintained its customers’ trust and affection, despite a 2013 data breach that affected some 60 million customers whose names, email addresses, phone numbers, payment card numbers and verification codes, and more were compromised.
Target escaped its breach relatively unscathed. The company reached a multi-state settlement of $10.5 million, a class action lawsuit settlement of $10 million, and was forced to make $10,000 payments to customers who could demonstrate they’d suffered losses due to the breach. Target estimated that it lost about $300 million due to the breach. The perpetrator of the data theft was never identified. The case was notable for how cybercriminals gained access to customer data. Credentials were stolen from one of Target’s third-party vendors—an HVAC contracting company—when malware was uploaded to its systems.
Let’s start with a startling statistic: A whopping 80% of data breaches are caused by human error. Weak or compromised passwords account for many of these losses. Whether you’re a consumer or a business owner, practicing excellent password hygiene is essential. It’s incumbent on business owners to make sure employees are complying with established password protection protocols and limit permissions. Employees should have access to information strictly on a need-to-know basis.
As a consumer, it’s tough to keep track of all of our passwords: Most of us have about a hundred of them. It’s too time-consuming to change them all monthly as suggested by cybersecurity experts, and it’s very tempting to reuse passwords across accounts. Password managers, which are available for a nominal cost or even for free, can alleviate the burden of practicing good password hygiene.
We’ve also learned that large companies that invest millions of dollars in cybersecurity are hardly immune from cyberattacks. And the larger the company, the more user information is exposed in the breach.
Businesses understand that customers will lose faith in them if they allow customer data to be compromised. As a result, they are not always quick to report breaches. They want to have their public relations strategies in order and their executives trained to deliver approved messages before telling the unfortunate truth. That means that users remain unaware and unprotected for longer than necessary.
Nothing and no one can keep you entirely safe from data breaches. Recent legislation, including the Data Breach Notification Act, is incentivizing businesses to protect consumer privacy more diligently, lest they suffer expensive penalties and other financial losses. But as a consumer, you play a part in your own cyber safety. Learn more by consulting trusted resources, including the federal government, for tips on how you can protect yourself from the consequences of data breaches. Their number continues to break records and will likely increase as we become more dependent on digital services.
Susan Doktor is a widely published author who writes primarily on personal finance topics, including cybersecurity and credit markets. Her contribution comes to us courtesy of Money.com.