Organizations that got it wrong

Created by Faye for Freshworks, Modified on Fri, 30 Jan at 10:56 AM by Faye for Freshworks


Company Impact

Organizations that get it wrong pay the price for non-compliance both financially and through damage to their reputation and their customers' trust.


Real World Examples

In the past few years, there have been quite a few devastating data breaches, and you've likely been caught up in one. Here are a few of the more notable ones.

 

UK Conservative Party Conference


In 2018, the UK Conservative Party (a leading political party) used a Conference App at their Annual Party Conference. However, that App used only email addresses and a common password as login credentials, and it allowed anyone to log in as a politician, participant, or journalist attending the event in Birmingham, England just by typing in that person's email address. This lack of data security allowed journalists to log in as, and impersonate, senior politicians, accessing secure data and PII. The app included PII such as personal mobile numbers for every politician and journalist who was scheduled to attend the conference. The Conservative Party, Meeting Planner and App provider all faced huge fines and massive reputational damage for this lack of data protection and for failing to use appropriate security processes.

 

Zoom

Since everyone was using Zoom to communicate during the pandemic, it should come as no surprise that it became a prime target for hackers. Here's a brief timeline of how they fumbled the data football:

  • Spring 2020 - Right at the start of the pandemic, it was announced that credentials for more than 500,000 Zoom accounts were posted online.
  • May 12th, 2020 - Hundreds of fake accounts and domains were registered with Zoom for the purpose of impersonating companies.
  • June 17th, 2020 - Zoom finally offers end-to-end user encryption.
  • July 31st, 2000 - A security flaw allows anyone to join a public meeting. As you can imagine, this caused chaos.

It's important to note that these accounts weren't compromised through a data breach, but rather through credential stuffing. This is when someone tries a username and password pair that was leaked in a previous data breach from another company. This only works if the account holder uses the same password for more than one account, which is why it's so important for every account you create to have a unique password.

 

Marriott

Marriott has suffered multiple data breaches over the years. They were hit with a $24 million fine for failing to secure customer data. They had a huge data breach in 2018 that resulted in 500 million guests having their data leaked. They had another data breach in 2020 that exposed the personal details of 5.2 million guests. In the end, the digital thieves made off with 20GB of internal documents and customer data, wage data, PII, and even a personnel assessment of a staff member at the hotel.

 

Equifax

One of the worst data breaches in modern history happened in 2017. From mid-May until July, unauthorized people had access to 145.5 million customer records, or nearly half the population of the United States, which included social security numbers, birth dates, and other sensitive data. The thieves also stole more than 200,000 credit card numbers. Equifax waited two months to reveal the breach. A $700 million settlement was reached in July 2019. Customers had the option of choosing a $125 cash payment instead of credit monitoring services, which went over about as well as you'd imagine.

 

Sony

Gamers were targeted in 2011 when 77 million PlayStation accounts were compromised. Names, addresses, and other data were exposed. The attack caused Sony to disconnect the PlayStation Network servers for 24 days, resulting in a $171 million loss for the entertainment giant. Sony offered those impacted credit monitoring services. They suffered a similar data breach in 2014, where pre-release movies and celebrities' private information were released. Sony's reputation was irreparably harmed, and it's why to this day you see people recommending enabling 2FA and not storing your credit card information on your account.

 

Target

If you live in the United States, there's a good chance that you've made a trip to Target. Devious actors had the same thought, and in 2013, they gained access during the holiday season to 40 million credit and debit card numbers, including names, addresses, expiration dates, and CVVs. Target was comparatively good about reporting it, though: it noticed the breach 16 days after it occurred and sent out notifications four days later. This caused many people to cancel their cards, as fake cards could be created. In 2015, Target reached a $10 million settlement.
