High Profile Data Breaches – Lessons Learned

One of the most high profile data breaches of our time has been the Ashley Madison data breach that made headlines worldwide. The controversial nature surrounding this site made it a hot topic on media streams globally, everyone from the average joe to a-list celebrities have been linked to the website. The hacking of the adult dating site led to the subsequent release of usernames, first and last names, and passwords for 33 million accounts along with partial credit card data and addresses for the users.

Although your business may be far from the controversy of an adult dating site, you too are vulnerable to a data breach. As long as your business holds any customer/business data ie. names, addresses, credit card details etc. you are a target. What would you do? These high profile data breaches have highlighted the negative effect these breaches have on your business’ revenue aswel as your reputation. There is lessons to be learned.

Data is valuable and the more private the data, the more business you’ll receive. For example, in the case of the Ashley Madison breach the service was sold to them on the basis that all members were completely anonymous. These customers didn’t care to get into the technical details of how their privacy is protected and given the nature of the business it was a reasonable perception for them to expect to be protected.This is the case for every business, it doesn’t matter if you’re Ashley Madison or not. If customers aren’t confident that their private details are protected then there is no business.

So, what can you do to be more secure? Be thorough. If you notice that your security is weak, fix it. Immediately. Plus, don’t make the mistake that Ashley Madison did. In their case, they noticed that their approach was weak so they fixed it. Unfortunately they fixed it after the first 11 million users had already signed up and failed to apply the fix to the prior users. This was a simple yet brutal mistake and it essentially led to one of the most high profile data breaches of all time. Sony is another example of a high profile data breach that occurred in 2014. In their case, they were hacked from phishing emails.

Many top Sony executives had been receiving fake Apple ID verification emails that contained a link to a domain called “ioscareteam.net”. Upon entering this domain, employees were prompted to enter his/her Apple ID details into a fake verification form. After obtaining the victims’ Apple Id and passwords, the hackers then used the stolen credentials in conjunction with LinkedIn profiles to figure out their Sony log in details.

The hackers hoped that employees had used the same passwords for work and personal accounts. The hackers then used this employee data and coded it into a strain of malware called “wiper” which succeeded in crashing Sonys computer networks and hackers then released stolen documents online which included financial records and the private keys to Sony’s servers. This again highlights the importance of protecting your data and ensuring your employees are compliant when it comes to creating passwords etc. Cyber is a huge risk to every business and it is only going to increase if companies and businesses don’t educate themselves and their employees.