Another day, another data breach. What can we glean from Yahoo’s security issues and disclosure agreements?
With October being National Cybersecurity Month, it’s rather timely that recent headlines are focusing on yet another large-scale data breach. Internet giant Yahoo is the center of the latest cybersecurity fraud, and people are a bit perplexed because the breach didn’t just happen; it occurred in 2014.
The company announced that data “associated with at least 500 million user accounts,” was stolen, and that a “state-sponsored” attacker acquired the data, which includes usernames, email accounts, and passwords, as well as telephone numbers, and street addresses. The company also said there was “no evidence that the state-sponsored actor is currently in Yahoo’s network.”
The lag in notification time has revived a call for federal breach notification legislation, which aims to “require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach.”
After the news broke, thousands of Yahoo users flooded social media channels to express their frustration that it had taken the company two years to uncover this massive breach. Several users even said they were closing their accounts.
The size of the data breach could spell disaster beyond Yahoo’s limits; experts have warned the impact of this could spread throughout the internet. The company has been losing users and ad revenue in recent years, and this circumstance further proves how costly data breaches really are.
In our recent blog on the matter, the average cost of a data breach is a whopping $4 million dollars, a number that has gone up 29% since 2013. Aside from just numbers, data breaches cost more in reputation, trust, and willingness of consumers.
For users, there are protective measures to take to protect your identity. Regularly change your passwords, change your security questions, and call for a free credit report to monitor any suspicious activity.
Data breaches are good reminders why data protection should be a top priority for businesses. Anyone who exchanges sensitive information, whether it’s digital or analog, should invest in a security plan that includes hard drive destruction, data destruction, and paper shredding.
Legal Shred can help businesses and consumers properly destroy both digital and paper data to mitigate identity theft and non-compliance. We offer hard drive destruction, electronics recycling, and document shredding to ensure the safety of your business and its data.