The year 2018 has seen companies hit with sizable fines and settlements due to data breaches. For example, Uber’s poor handling of its 2016 breach cost the company close to $150 million. And weakly protected, heavily-regulated health data has cost medical facilities big money, resulting in increasingly large fines from the U.S. Department of Health and Human Services.
There could be even bigger fines on the horizon now that the European Union’s (EU’s) General Data Protection Regulation (GDPR) has come into force, as data regulators in the EU can fine upwards of €20 million. Several high-profile companies have already suffered large-scale breaches since the new regulations came into force, meaning 2019 could well see the cost of failure increase even more.
Security Never Takes a Holiday
Just last week, Marriott disclosed a four-year-long breach involving the personal and financial information of 500 million guests in its Starwood hotel properties. The concern? Anytime such a massive intrusion goes undetected for such a long time, the root cause is usually a failure to adopt the most important principle in cybersecurity defense, one that applies to corporations and consumers alike: Assume your network has been compromised.
Bad operators already have access to personal data points that you may believe should be secret but which nevertheless aren’t, including your credit card information, Social Security number, mother’s maiden name, date of birth, address, previous addresses, phone number, and yes — even your credit file.
Rough Year for Facebook
While we were all glued to the Kavanaugh Senate hearings on Friday, September 28, Facebook announced that 50 million user accounts had been hacked. Facebook users were also concerned that their private messages had been accessed and that their credit or debit information could have been breached, too. Facebook is still unsure exactly when this happened, but signs of it on the site go back to sometime in July 2017, and it was identified on September 16, 2018.
There was another big concern for WhatsApp and Instagram accounts, since both are owned by Facebook and most of these accounts are interlinked, either through contact numbers or manual set-up. Facebook is uncertain whether Instagram accounts were affected. To keep their data safe and secure, customers were advised to log out once and then re-link Facebook and Instagram. By contrast, the company confirmed that WhatsApp users are safe.
In Good Company
In addition to Uber, Marriott, and Facebook, some of the largest reported data breaches this year include compromises at T-Mobile, British Airways, and Google, all seemingly reputable brands with stringent security policies and procedures. Around two million T-Mobile customers based in the U.S. had their account details breached, leaking their names, email IDs, account numbers, billing details, and encrypted passwords. And earlier this year, British Airways also faced a cybersecurity breach which affected some 429,000 consumers. While personal and financial data was stolen, all passport and flight details remained secure. The information lingered in an unprotected state for two weeks during the period of August 21 to September 5, when the company’s website and apps were under a “sophisticated” attack.
Google also identified a vulnerability in one of its APIs (Application Program Interfaces). It noticed that an API for Google’s social networking effort, Google+, gave third-party app developers access to data from the friends of app users. In response, Alphabet, the parent company of Google+, decided to shut down its unpopular Google+ service entirely. That said, it’s pretty doubtful anyone misses it.
Consumer Concerns Moving Forward
Data breaches make crimes such as identity theft and other scams much easier for criminals to carry out. After your data gets stolen, it often goes up for sale on black market websites, where criminals can buy it and then pretend to be you. Individuals are powerless to stop a data breach but can help prevent identity theft. Keep in mind, any data point you share with a company will likely eventually be hacked, lost, leaked, stolen or sold—albeit typically through no fault of your own. And if you’re American, your recourse to do anything about it is limited or non-existent.
After a data breach, consumers don’t just have to accept a company’s offer of credit monitoring services and leave it at that. Individuals can also freeze their credit and set fraud alerts to stay apprised of any fishy activity on their credit cards and bank accounts, in addition to regularly checking their credit reports. No doubt, 2019 will see an increase in large-scale data breaches. Are you ready?