Data breaches are becoming expensive

It seems that summer 2019 is when data breaches finally start to cost some real money for companies with bad security practices on both sides of the Atlantic Ocean:

FTC hits Equifax with fine of up to $700M for 2017 data breach
https://techcrunch.com/2019/07/22/equifax-fine-ftc/?tpcc=ECFB2019

Marriott to face $123 million fine by UK authorities over data breach
https://techcrunch.com/2019/07/09/marriott-data-breach-uk-fine/

UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users
https://techcrunch.com/2019/07/08/uks-ico-fines-british-airways-a-record-183m-over-gdpr-breach-that-leaked-data-from-500000-users/

15 Comments

  1. Tomi Engdahl says:

    Some of Russia’s surveillance tech leaked data for more than a year
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d68837a4b188d00011b2240&utm_medium=trueAnthem&utm_source=facebook

    Security researcher finds that some of Russia’s SORM wiretapping equipment had been leaking user data.

    A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet.

    30 SORM DEVICES HAVE LEAKED SURVEILLANCE DATA
    But in a talk at the Chaos Constructions security conference last Sunday, on August 25, a Russian security researcher named Leonid Evdokimov revealed that some of these wiretapping devices have been leaking data.

    Evdokimov said he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password.

    These FTP servers contained traffic logs from past law enforcement surveillance operations

  2. Tomi Engdahl says:

    https://nakedsecurity.sophos.com/2019/09/17/teen-music-hacker-arrested-in-uk-for-stealing-bands-unreleased-music/

    A 19-year-old UK man has been arrested for allegedly stealing unreleased songs from world-famous musicians’ websites and cloud-based accounts and selling the music for cryptocurrency, authorities in London and New York announced

    Detective Inspector Nick Court, from PIPCU, said that the suspected hackers stole the music and sold it on illegal streaming sites worldwide, ripping a hole in victims’ livelihoods:

    This sort of crime causes significant financial loss to those who work so incredibly hard to produce, write and make music for their fans to enjoy.

  3. Tomi Engdahl says:

    But as breaches become more commonplace, few companies remember the actual incident itself — or even the number of users or customers affected. No matter what kind of security incident you’re thrown into, what happens afterward is how you will be remembered.

    Get it right, you can save face. Get it wrong, and you’ll never live it down.

    Don’t try to cover it up

    Source: https://techcrunch.com/2019/10/04/how-you-shouldnt-handle-your-data-breach/

  4. Tomi Engdahl says:

    No matter what kind of security incident you’re thrown into, what happens afterward is how you will be remembered.

    Do the wrong things and your hacked company will be remembered as clueless about cyber security, and as one that smart customers think more than twice about before giving their info to it.

  5. Tomi Engdahl says:

    10% of Small Businesses Breached Shut Down in 2019
    https://www.darkreading.com/operations/10–of-small-businesses-breached-shut-down-in-2019/d/d-id/1336156
    As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss. 25% filed for bankruptcy. Source survey:
    https://staysafeonline.org/small-business-target-survey-data/

  6. Tomi Engdahl says:

    Breach affecting 1 million was caught only after hacker maxed out target’s storage
    Hacker’s data archive file grew so big that the target’s hard drive ran out of space.
    https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/#

    The FTC said in a statement that as part of a proposed settlement, InfoTrax will be barred from collecting, selling, sharing, or storing personal information unless the company implements a security program that corrects the failures identified in the complaint. InfoTrax will also be required to obtain third-party assessments of its security every two years.

  7. Tomi Engdahl says:

    That means that personal and payment information of almost every North American who has a credit card was compromised in the last 2 years.
    #privacybreach #staysecure #cyberwall #cybersecurity

    If you bought anything from these 20 companies recently, your data may have been stolen
    https://www.businessinsider.com/data-breaches-retailers-consumer-companies-2019-1?r=US&IR=T

    Data breaches are becoming common for all kinds of businesses, including retailers.
    Since the start of 2018, at least 20 retailers and consumer companies were hacked and likely had information stolen from them.
    Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
    Retailers who suffer data breaches risk losing their customers’ trust.

    According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.

    Here are the consumer and retail companies that have suffered a data breach since January 2018

  8. Tomi Engdahl says:

    “Loss of customer trust leads to serious financial damage in a data breach,” the people at IBM Security write rather laconically in the final report of the study titled 2019 Cost of Data Breach.
    https://www.mikrobitti.fi/uutiset/tama-on-tietomurron-ensimmainen-uhri/768fa4a2-d8b4-4e3a-9a3d-15e1fa83f426

    3 keys to preserving customer relationships in the wake of a data breach
    https://www.csoonline.com/article/3454597/3-keys-to-preserving-customer-relationships-in-the-wake-of-a-data-breach.html

    To thrive after a data breach, try talking to your customers during one

    For any organization, the primary objective of a “crisis” is to get through the event with as little long-term impact as possible. This means all the elements of your company that were thriving beforehand should still be thriving afterwards. From this perspective, it’s not enough to get a system back up and running after a data breach, if you’ve damaged other parts of the business in the process – for example, your customers lose trust in you and take their business elsewhere.

  9. Tomi Engdahl says:

    $3.92 million
    The global average cost of a data breach for the 2019 study is $3.92 million, a 1.5 percent increase from the 2018 study. As shown in the following chart, the average total cost of a data breach climbed from $3.5 million in 2014, showing a growth of 12 percent between 2014 and 2019.

    What’s New in the 2019 Cost of a Data Breach Report
    https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/

    Yet we also found characteristics of data breaches in the study showing how difficult it is for organizations to recover from breaches. This year, we found that the time it takes organizations to identify and contain a breach — what we call the data breach life cycle — is 279 days. The 2019 life cycle is 4.9 percent longer than the 266 day average in 2018. In addition, we found that the longer a breach’s life cycle is, the greater the total cost. This is especially true in the case of malicious and criminal attacks, which take an average of 314 days to identify and contain.

    Top Cost Mitigating Factors: Incident Response Teams, Plans and Encryption
    Our research has traditionally looked at factors that either increase or decrease the cost of a data breach. In this year’s report, we added some new cost factors into the mix to flesh out more findings about what areas businesses could look at to mitigate the financial impacts of a data breach.

  10. Tomi Engdahl says:

    IT vendor fined after data of 47,800 students, parents and staff of Singapore schools hacked
    Read more at https://www.todayonline.com/singapore/it-vendor-fined-after-data-47800-students-parents-and-staff-singapore-schools-hacked

    IT vendor Learnaholic has been fined S$60,000 after the personal data of more than 47,000 students, parents and staff of various schools were hacked.
  11. Tomi Engdahl says:

    Jeff Stone / CyberScoop:
    Equifax to pay $380.5M to members of a class action suit whose data was compromised in 2017 breach, after a federal judge approved the final settlement Monday — Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging …

    Equifax to pay customers $380.5 million as part of final breach settlement
    https://www.cyberscoop.com/equifax-data-breach-settlement/

  12. Tomi Engdahl says:

    Shipbuilder Austal was hacked with stolen creds sold on dark web
    https://www.itnews.com.au/news/shipbuilder-austal-was-hacked-with-stolen-creds-sold-on-dark-web-546165
    Austal, the ASX-listed shipbuilder and defence contractor, was compromised in late 2018 by an attacker who used login credentials purchased on a dark web forum, but who then failed to extract much of value or secure a ransom to have it returned. CEO David Singleton provided a full post-mortem of the mid-October 2018 breach last week - which he said included a grilling from senior government ministers - and revealed cyber defences put in place afterwards had saved the company from credential phishes as recently as the past fortnight.
