In the last 13 years, we have had several cases of data leaks around the world, which coincide with the dizzying increase in the availability of personal data on the web and servers.
With people connected 24 hours a day, the desire of cyber criminals to have access to this valuable information has increased. While some focus on individual information, the most prepared focus on massive data theft and look for breaches in databases that can reach billions of people, such as those of Facebook, Yahoo, and Adobe, for example.
In this article, we will talk about the main losses for the business that can be caused by a data leak, mention 9 famous cases of these attacks, and provide prevention tips. Check out!
Main damages caused by a data leak
The extensive and variable risks that companies face when falling victim to a data breach can be damaging to revenue and reputation, and managing the fallout can be very expensive.
The 15th edition of the annual Cost of a Data Breach Report, with research from the Ponemon Institute and published by IBM Security, found that the total global cost of a data breach between August 2019 and April 2020 averaged 3.86 million dollars. The study analyzed 524 breaches that occurred at organizations of all sizes, across 17 geographic regions and 17 industries.
However, the harmful side effects of a data breach go beyond financial ones. Let’s talk about them.
For many, the most fateful consequence of a data breach is the financial loss incurred. Depending on the nature of the breach, a variety of financial problems may occur.
Companies that suffer these types of attacks may have to bear the costs incurred in containing the breach, compensating affected customers, and realizing a reduction in stock value and high-security costs.
While business leaders cannot definitively predict how — or if — finances will be affected in the event of a breach, the losses can be significant, as the study cited above shows.
Damage to reputation
In today’s hyperconnected world, news travels fast. Even those who may have never heard of your company will likely hear about a breach in the days that follow. The damage a data breach can do to a company can be devastating, especially if the breach was preventable or puts customer data at risk.
Loss of trust, negative press, associated identity theft, and potential customers’ opinions of your company can all be affected, leaving dark clouds over your brand’s reputation and creating long-term complications.
With all the attention focused on your business following a breach, it is crucial to ensure that managing its aftermath is handled appropriately. Otherwise, you risk losing current and potential customers to competitors who may be seen as safer.
From the moment your data is compromised, through the entire investigation and recovery process, the effects of a data breach significantly impact business operations.
Depending on the severity, they can result in a complete loss of important data, requiring victims to spend long periods recovering. The most common course of action in these scenarios is to shut down operations entirely until a solution is found, allowing enough time to focus on finding the source of the breach.
Unsurprisingly, this has a trickle-down effect. The longer operations have been suspended, the more likely customers are to leave, which can result in even more lost revenue.
Cyber breaches involving individuals’ personal information often result in class-action lawsuits. Add in all the legal fees that come with these payments, and companies are faced with much higher costs than most can prepare for.
In some cases, authorities may even prevent companies from carrying out certain operations until legal investigations are completed, which can lead to additional long-term problems.
If you think you’ve noticed a pattern between these four situations, you’re correct. What makes each of these side effects so devastating is how they are circumstantially linked to each other and how once you get involved in one problem, the other three will soon follow.
Preparing for the threat of an attack and taking appropriate preventative measures is the best way to ensure your business does not fall victim to a cyber breach. If your organization doesn’t take information security seriously, there could be serious consequences.
9 famous data leak cases
Let’s remember 9 famous cases of data leaks that happened to giant companies so that they can serve as an example for your customers to understand the importance of prioritizing web security. Check out!
In 2013, Adobe, one of the giants in the world of technology, and developer of high-performance software suffered an attack that resulted in the leakage of data from more than 38 million users of the company’s programs.
Among the personal information leaked are users’ names, passwords, and even credit card numbers. What mitigated the strength of this attack is the fact that this data is encrypted — which does not mitigate the system’s vulnerability.
One of the most popular car rental companies in the world, Uber, also did not escape seeing its users’ and drivers’ data being stolen by cybercriminals. The case happened in 2016 and was revealed in 2017.
In total, it is estimated that data from 57 million people, including users and drivers, was leaked — name, email, telephone number, card numbers, and various other personal information.
3. Ashley Madison
The adult dating website Ashley Madison was attacked by a collective of hackers called “The Impacte Team”, who published around 30 GB of customer data from the page. Among all this, in addition to personal information, such as names and emails, it also contained data considered sensitive, such as users’ sexual preferences.
As it is a site where users seek absolute confidentiality, the revelation of this information had very serious consequences, which culminated in the departure of the company’s director.
The second largest department store chain in the United States, the American retailer Target, had its database attacked, affecting around 70 million consumers.
In this attack, criminals had access to data such as credit and debit card numbers, validity, and security codes. It is estimated that the damage from the attack is approximately 3 billion dollars.
5. PlayStation Network
Sony’s servers, more precisely its online video game network, the Playstation Network, were hacked in 2011, leaving the service offline for more than 40 days. In this action, approximately 77 million customers were affected, with data such as usernames, passwords, and even credit card numbers leaked.
After more than 40 days of recovery, to try to reduce the impacts and clean up the brand’s reputation, Sony presented its customers with games, films, and other products.
Another giant in the world of technology, Yahoo also had its setback when it suffered an attack that affected around 3 billion email accounts on the service in 2013.
After years of investigation, users had the peace of mind to discover that their bank details were protected. Hackers gained access to personal data such as name, email address, phone numbers, dates of birth, and passwords for your accounts.
One of the largest PC gaming platforms in the world, Steam, was attacked by hackers in 2011. Criminals managed to invade Valve’s servers and had access to information such as logins and credit card numbers.
At the time of the event, the company had 35 million users, but there was no confirmation that everyone was affected.
8. Banco Inter
Let’s look at the case of a Brazilian company, Banco Inter, one of the pioneers in offering digital accounts in the country. A leak left around 19 thousand account holders vulnerable in 2018. The hackers’ objective was to extort the bank, three days after the company traded its shares on the stock exchange.
In December of the same year, the company closed an agreement with the Public Ministry of the Federal District and Territories, with the payment of BRL1 million(197,490 USD) to public institutions that work to combat cybercrime and a relevant amount destined for charity institutions.
We leave the most emblematic case for last, related to the largest social network in the world, Facebook. With billions of users around the world and almost immeasurable data production, the company was involved in a scandal that goes beyond the digital sphere. It involved British digital marketing consultancy Cambridge Analytica and affected more than 50 million accounts around the world.
The information stolen was logins and passwords, which may seem simple, but it had a very well-defined objective: to use such personal information in the 2016 election campaign, in favor of candidate Donald Trump.
Even though it happened in 2016, the case only came to light in 2018, with the company’s founder having to explain himself, in the American Senate, and pledging, among other things, to work hard so that the elections in Brazil, which would take place that year, were not affected by leaks and shady tactics on the social network.
Key Findings That Might Surprise You
In addition to the data related to the costs incurred by a data breach, the IBM Security report mentioned at the beginning of this article also brought some valuable conclusions for those who want to improve information security in the company. Let’s talk about some of them here.
Security automation and incident response readiness are cost-effective
Detecting a breach as quickly as possible through the use of automation and responding to contain the breach more quickly with a trained and prepared incident response team significantly limits the financial damage from a data breach.
In the study, the average cost of a data breach in organizations that have deployed security automation technologies — such as artificial intelligence, machine learning, analytics, and automated orchestration — was much lower than in organizations that have not yet deployed these technologies.
The average cost of a breach in organizations with fully deployed security automation was $2.45 million, compared to $6.03 million in organizations without security automation — a whopping $3.58 million difference.
Compromised credentials and cloud misconfiguration are the biggest attack vectors
Malicious attacks were responsible for 52% of breaches in the study period, an increase of 51% compared to the same survey carried out the previous year. The report took a deeper dive into the types of malicious attacks, analyzing the cost and frequency of nine top attack vectors.
The most frequent initial attack vectors included compromised credentials (19% of malicious breaches), cloud misconfiguration (19%), and vulnerabilities in third-party software (16%). These three vectors are also the most expensive, with breaches due to compromised credentials averaging $4.77 million, vulnerabilities in third-party software averaging $4.53 million, and cloud misconfiguration breaches averaging $4.41 million.
Ransomware and destructive attacks are more expensive than common breaches
Not all data breaches involve theft or leak — sometimes records are destroyed or held hostage for ransom. The report also analyzed the cost of breaches involving destructive malware and ransomware.
The average destructive malware breach cost $4.52 million and the average ransomware breach cost $4.44 million. The overall average cost of a malicious breach was $4.27 million.
In this post, in addition to mentioning the main losses that a company can suffer due to data leaks, we remember some of the most famous cases in Brazil and around the world, to get an idea of how vulnerable data is in the digital world. We also brought some recent insights so that you can design a counter-attack defense strategy in your company.
It is up to developers and IT managers to adopt security measures to reduce these risks, after all, in most cases, intrusions happen after negligence on the part of the users themselves. Good access control, password policy, and two-factor authentication are measures that anyone can start taking today.
Now that you know the aggressive potential of a data breach, start studying the main defense mechanisms. Enjoy your visit to our blog and now understand the importance of having security on your company’s server!