Table of contents
If you think that data security services shouldn’t be your business’ priority, think again. History teaches us that even giants that lead the market can topple under the power of a data breach. Moreover, even if the company makes it through the scandal, the damage to its reputation is irreparable.
Human psyche works in such a way that negative news make the biggest impression on us. So, to understand why you should invest in top-notch cyber security services, see the damage compromised data can cause.
5 Companies That Should Have Invested in Better Data Security Services
Desjardins
In 2019, a disgruntled employee of Canada’s biggest credit union Desjardins compromised 4.2 million customer accounts. This data breach resulted in a $200.9 million settlement of a class-action lawsuit decided on by the Superior Court of Quebec. The rogue employee had been at it for 26 months before he getting caught.
It’s essential to note that the investigation of the incident uncovered that the breach also affected 1.8 million people who weren’t Desjardins’ customers. Moreover, the case cost even more to Desjardins because it offered 5-year Equifax credit monitoring as compensation to those affected.
The employee who caused the breach accessed the customers’ names, emails, social security numbers, and transaction records. Luckily, according to Desjardins’ reports, he wasn’t able to compromise actual card numbers, passwords, and PINs.
However, this situation shows that the business can incur enormous losses without losing vital information. Moreover, it’s crucial to remember that this data breach wasn’t a result of an outside cyberattack. Instead, the breach occurred from within, highlighting the need to invest in 100% comprehensive information security audits and monitoring. It’s also a reminder to employers that they must be extremely selective with privileged access to critical data. Malicious employees shouldn’t be able to access such information and go undiscovered for years.
Equifax
The Equifax cyber security breach is considered one of the worst in history. It was a true disaster, and the settlement alone cost Equifax $425 million. However, the actual cost of this breach was much higher. This incident compromised the personal information of 147 million people. Quite a few of them suffered severe consequences from this identity theft.
The biggest issue with this breach was that it exposed inadequate cybersecurity practices of Equifax. As a result of poor data security services, there were several significant flaws that could exploit.
- Equifax failed to fix a well-known vulnerability, CVE-2017-5638, although the patch was available.
- The company didn’t segment its ecosystem. As a result, the hackers only needed to gain access once through a breach of the Equifax web portal. From there, they could access multiple servers stealing valuable data.
- The attackers could easily escalate their access because they found passwords and usernames saved in plain text.
- As Equifax didn’t bother renewing one of their encryption certificates, the hackers could exfiltrate the data easily. Moreover, they’ve been doing it for several months completely undetected.
In addition, the company executives chose to hide the breach and announced it only a month later. During that time, they sold off their stock, which triggered a case of insider trading. Final investigations indicate that this data breach could potentially impact about 40% of the entire US population.
All in all, this case is the best example of why you must keep your data security services up-to-date.
Yahoo!
Yahoo suffered two disastrous data breaches in 2013 and 2014. However, the company went public about this only in 2016. A total of 3.5 billion accounts were compromised in those incidents. Verizon was in the middle of buying Yahoo, when it finally shared information about the breach. The deal went through, and Verizon’s spokesperson highlighted that they would help the Yahoo team improve their security.
Eventually, the Yahoo database was discovered for sale on the black market. Compromised information included users’ names, dates of birth, phone numbers, emails, and hashed passwords. But, according to Yahoo, hackers didn’t steal credit card numbers and other payment details.
The class action lawsuit took years, but in 2020 the Northern District of California approved a settlement of $117.5 million. However, it’s only a fraction of what such poor data security services will cost. The bigger consequence for Yahoo is that Verizon bought it for a much lower price.
Mariott International (Starwood)
Over 500 million accounts were compromised in a massive data breach of the Starwood hotels, purchased by Mariott in 2016. Marriott carried out an investigation that revealed that the Starwood network was breached in 2014. From there, the breach spread to other hotels owned by Mariott, including Sheraton, St. Regis, Westin, and W Hotels.
A wide range of hotel guests’ personal information was stolen in that data breach. Currently, the class action lawsuit includes 133 million plaintiffs and is still underway. The UK Information Commissioner’s Office fined Marriott about £18.4 million. However, this story of disastrous data security services isn’t over yet.
The example of Marriott indicated how crucial it is to carry out regular and in-depth information security audits. It’s highly troubling that the breach has gone unnoticed for four years. During this time, hackers managed to exploit system vulnerabilities to compromise additional databases.
Adobe
In 2013, Adobe reported that it suffered a cybersecurity breach that compromised 153 million user accounts. In addition, 38 million active users lost their IDs and encrypted passwords. Investigations show that users’ names and credit card information were stolen as well.
Adobe paid $1.1 million in legal fees and supposedly $1 million as an undisclosed settlement with its customers.
The true tragedy of this story is that the company didn’t learn from the incident. As a result, Adobe suffered several more debilitating breaches over recent years. For example, in 2022, an unsecured server became the cause of compromising 7.5 million Creative Cloud accounts.
How to Choose Data Security Services Company
These are only five examples of how much a security breach can cost a business. But there are thousands of other cases like this. Cumulative losses caused by cybercriminals are going into trillions already.
So, if there is one thing a business can’t afford to be cheap about, it’s information security. The road to making your business as safe as can be starts with a comprehensive audit.