Table of content:
Intro
In recent years, there have been several high-profile data breaches at small and medium-sized businesses (SMEs) due to inadequate data protection. These breaches have resulted in the loss of sensitive data, financial damage, and reputational damage for the businesses involved. In this blog post, we'll take a look at some of the most memorable data breaches of recent years.
What constitutes a data breach?
A data breach occurs anytime that confidential, protected, or sensitive information is accessed without the proper authorization. This can be done by accident such as with a negligent employee or it can be the result of a hacker gaining access to company data and releasing it to the public. Either way, anytime data is accessed by people without the proper authorization this will constitute a data breach for that company.
What is the cost of a data breach?
Data breaches can be extremely expensive for companies. The average cost of a data breach in 2019 was $3.92 million. This alone would explain why companies should invest heavily in security but the costs are not just strictly financial.
On average, companies' share prices dip by 5% following a data breach and there’s also significant reputational damage depending on the type of data that is leaked as a result.
For example, the company Ashley Madison, which is a dating site to facilitate affairs among married people had a data breach back in 2015.
This type of information being leaked could seriously damage the company’s customers’ personal lives. This opened up Ashley Madison to lawsuits as well as loss of customers that refused to trust the company after having their data leaked.
What are the biggest factors that cause data breaches?
One of the most common questions we get asked is "What are the most common causes of data breaches?" This is important to understand from a business perspective so that you can plan out how you are going to guard against these risks. Here are some of the most common causes of data breaches:
- weak or stolen passwords
- unsecured data
- malware or viruses
- insider threats
- phishing attacks (social engineering)
- leaked data on social media
Personal Data Breach examples
1) Yahoo Data Breach
Yahoo recently announced that it had suffered a data breach in which sensitive information from 500 million user accounts was stolen. This is one of the largest data breaches in history, and it has left many people wondering about the safety of their personal information.
2) Equifax Data Breach
Equifax, one of the three major credit reporting agencies in the United States, announced a data breach on September 7th, 2017. The breach, which began in May, exposed the personal information of up to 143 million people. This includes names, Social Security numbers, birth dates, addresses, and driver's license numbers. In some cases, credit card numbers and dispute documents were also exposed.
3) Marriott International Data Breach
In September of 2018, Marriott International announced that they had suffered a data breach that affected the personal information of over 500 million guests. The breach was caused by an unauthorized party accessing Marriott's Starwood guest reservation database. The information accessed included names, dates of birth, phone numbers, email addresses, passport numbers, and even credit card information.
4) Facebook Data Breach
This breach affected over 50 million users and exposed personal information such as names, birthdates, addresses, and phone numbers. Facebook has taken steps to secure its systems and prevent future breaches.
5) Target Data Breach
In September of 2018, Target announced that a data breach had occurred, exposing the personal information of millions of customers. The breach was caused by a third-party vendor, and it resulted in the theft of customer names, credit and debit card numbers, expiration dates, and PINs.
Target notified customers of the breach and offered free credit monitoring and identity theft protection. The company also took steps to improve its security measures, such as implementing EMV chip-enabled terminals for all stores and adding additional layers of security to its online applications.
6) Adobe Data Breach
On October 3, 2019, Adobe announced that it experienced a data breach that affected millions of customers. The breach occurred when an unauthorized party accessed Adobe's systems and gained access to customer names, credit and debit card numbers, expiration dates, and other sensitive information.
7) LinkedIn Data Breach
On May 17, 2016, LinkedIn announced that it had suffered a data breach in which over 100 million user accounts were compromised. This was one of the largest data breaches in history, and it had a profound impact on the security of social networking sites.
In the wake of the breach, LinkedIn took steps to improve its security, including implementing two-factor authentication and increasing the security of its password recovery process. However, the damage was already done, and many users were left feeling betrayed by the company.
While LinkedIn has since recovered from the breach, it serves as a reminder of the importance of data security. This breach was a major wake-up call for the company, and it is something that all businesses should be prepared for.
How to prevent data breaches
Data breaches are becoming all too common, and no company is safe from them. To prevent your company from becoming the victim of a data breach, there are a few things you can do, and it all comes down to having good risk management.
First, you need to have a strong security system in place. This includes firewalls, intrusion detection systems, encryption, and other information security measures that will help to prevent the initial compromise of your environment.
You also need to have a privacy policy that will govern how data is to be used, protected and shared within your organization to limit the number of people that have access to confidential information.
Thirdly, you need to train your employees on how to spot potential security threats and what to do if they encounter one. Additionally, they need to be trained on how to enforce data privacy in an organization, this usually means labeling data with the appropriate sensitivity and knowing when to share information with other employees/third parties.
Additionally, you should have a plan in place for what to do in the event of a data breach. This is commonly called an incident response plan and should include who to contact, how to contain the breach, and how to prevent future breaches.
Lastly, you should have routine penetration testing done to test your organization’s security posture and ensure the security controls are working as intended.
By taking these steps, you can help prevent your company from becoming the victim of a data breach.
Recap
In conclusion, the examples of SME data breaches in this article illustrate the importance of cyber security for all businesses. In today's digital world, no business can afford to overlook the importance of cyber security. To stay up to date on the latest in cyber security, subscribe to our blog for more tips.