Security & Data Breach Fines
One of the most obvious places to find evidence of increasing cybercrime is the fines levied on organizations that suffer data breaches and security incidents.
In today’s fast-paced world, people rely heavily on mobile phones, computers, laptops, and other gadgets to make their lives easier and more convenient. While technological advancements have been significant to the world’s progression, this big shift towards technology has also introduced many risks that grow the more we progress.
You may have heard or read articles about different cyber crimes such as identity theft, online fraud, scams, malware attacks, and security breaches. Despite the fact that local governments and cyber security professionals from around the world have been doubling their efforts to raise awareness and educate about the importance of network and device security, the number of cyber crimes is still on the rise.
Nowhere is this more obvious than in the increasingly massive fines we see levied on organizations for data breaches and security incidents involving personal data. Just last year some very well known companies took a massive financial loss due to security and data breach fines. Authorities have always pointed out that stolen data is something that requires the public’s full attention. A breach can expose millions or even billions of private records and confidential data, which impacts not only the organization but also individuals’ personal information, and it can result in massive fines.
Let’s take a look back at some of the biggest data breach incidents and the subsequent financial penalties in history:
1. Yahoo - Estimated Damage: $85 million
Yahoo was responsible for one of the most controversial security breach incidents in the history of cyber crimes. About 6 years ago, Yahoo suffered a massive data breach affecting its entire database, estimated at over 3 billion accounts. In addition to that, authorities said that the company did not disclose this incident for 3 years. It was only last year that local governments fined the company $35 million for not disclosing the information. A few months later, Yahoo’s new owner Altaba said that the company had also settled a class action lawsuit costing them about $50 million.
2. Equifax - Estimated Damage: $575 million
Equifax joined the list in 2017, when the company lost the personal and financial details of about 150 million people. According to experts, the database was breached due to an unpatched Apache Struts framework. Equifax tried to resolve the problem for months, but did not inform the public about the incident.
Just this year, the credit agency agreed to pay about $575 million, a figure that could actually go over $700 million, in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and all 50 states.
3. British Airways - Estimated Damage: $230 million
Despite the EU’s General Data Protection Regulation (GDPR) provision requiring corporations to pay sizable fines, experts have observed that it’s not really helping a lot in terms of preventing security breaches. They said that it’s probably because the fines issued by data protection organizations across mainland Europe linked to security breaches are just a small fraction compared to those companies received under prior regulations.
Things changed drastically when British Airways had to pay a fine of $230 million. The company was fined when authorities discovered that the Magecart group had been using card skimming scripts to steal customers’ personal payment data. According to reports, the group had scraped the data of over 500,000 customers in just two weeks. During the investigation, authorities also found that the breach was caused by poor security arrangements at the company. They mentioned that certain processes and regulations at BA did not comply with the recommended data security standards.
4. Marriott International - Estimated Damage: $124 million
Marriott International also suffered a massive loss, and was fined $124 million due to the compromised personal information of over 500 million customers. The attackers harvested payment information, names, addresses, phone numbers, email addresses, and passport details.
The ICO (Information Commissioner’s Office) said that the company failed to secure its systems when it bought Starwood, and that it could have done more to prevent the security breach. In an interview, Arne Sorenson, CEO of Marriott International, said that the company was disappointed with the decision and would contest the penalty. On top of that, Marriott was also fined $265,000 by the Turkish data protection authority for the breach.
5. Uber - Estimated Damage: $148 million
Three years ago, Uber also suffered a massive data breach compromising 600,000 drivers and over 57 million user accounts. Reports said that the company paid a sum of $100,000 to the perpetrators in exchange for not disclosing the hacking incident. In 2018, authorities discovered the information and fined the company $148 million, which was the biggest data breach fine at that time.
There are many other massive losses due to security breaches involving big organizations and corporations. These include Tesco Bank with over $21 million, retail giant Target with $18.5 million, and Jackson Health Center with $2.15 million.
These alarming figures only show how well-versed hackers and cybercriminals can be. In a split second, they can breach your system, spread computer viruses and malware, steal your information, and use it against you.
What can you do?
The best thing you can do to prevent these cyberattacks is to be cautious with your activities, including browsing the Internet, connecting to a Wi-Fi network, and making transactions online. Encrypt your data with unique passwords using different tools.
Update your operating system (OS), apps, and security software. Consider equipping your device, apps, and other programs with biometric or multifactor authentication. On public networks, you may also try using a VPN to secure your IP address.
For businesses and enterprises, take some time to check your policy for device usage in the office. Other than investing in comprehensive antivirus and anti-malware software, you should also have IT experts inspect all office hardware.
Finally, be careful what you click on in emails and on websites!