What Actually Happens After a Data Breach?
When yet another headline about a large-scale data breach scrolls across your newsfeed, you might worry about the security of your company and hope it doesn’t happen to you. But after the initial shock of a breach, most people stop thinking about it.
What happens two or three years down the road? The ramifications of those breaches don’t just go away when the story is out of the news. To demonstrate, let’s take a look at where three of the largest data breaches from recent years are now.
A Closer Look at Target’s Data Breach in 2013
Target was the victim of a major data breach in late 2013. The incident involved 40 million compromised credit cards, and as many as 110 million people suffered theft of personal information. Target has said 70 million people may have been affected by the November 27 – December 15, 2013 breach.
The lawsuits and settlements demand large sums from Target. Fairly soon after the breach, Target finalized a $10 million deal to be paid directly to shoppers. Then in August of 2015, the corporation settled with Visa for $67 million. A few months later, a case called for the retailer to pay $20.25 million to banks and credit unions and $19.11 million to MasterCard issuers. Target’s breach was estimated to have cost the company upwards of $160 million, and that number is still growing.
In regards to their security, Target implemented new security initiatives, including hiring a new chief information security officer, updating their technology practices and implementing smart card readers for enhanced protection. It seems that Target isn’t going to allow another simple error to cause a breach, but only time will tell if their new security measures are enough.
Examining the JPMorgan Chase Data Breach of 2014
When JPMorgan Chase was hacked in 2014, it was one of the largest financial security breaches in history. It affected more than 83 million customers, including 76 million individuals and seven million small businesses.
In the aftermath of the attack, JPMorgan took a bigger marketing hit than financial hit. In fact, the week after the breach, JPMorgan reported that its stock price had barely budged.
In July 2015, four men were arrested on charges of fraud and stock manipulation in relation to the JPMorgan Chase breach. There is speculation the men used the names and emails obtained from the JPMorgan attack to promote certain “hot” stocks for personal gain in what is called a “pump-and-dump” scheme. Although the connection between the JPMorgan hacking and this elaborate international stock manipulation plot is not confirmed, some experts see the link.
Beyond names, phone numbers and email addresses, financial information and highly sensitive data such as Social Security numbers were at risk, although not accessed. The breach, which was conducted by using a neglected server to act as the access point, might have been easily avoided by simply adding small security fixes to the server.
It’s unclear whether or not JPMorgan has taken measures to eliminate the holes in their security systems. Another simple human error could cause another breach.
Home Depot Gets Breached in 2015
When Home Depot was breached between April and September 2015, more than 65 million credit card numbers and customer records were taken. Like JPMorgan, their customer numbers did not see any significant drop; but they admit that they did face financial consequences from other areas, including identity theft protection services, increased call center staffing and legal fees. In fact, the breach cost them $43 million alone in the third quarter of 2014.
The company recently reported they have incurred $252 million in expenses related to the breach. Some of these costs are associated with Home Depot’s new security measures. The store established enhanced encryption throughout their stores and reorganized their management structure to have a dedicated data security officer.
Encryption might be helpful, but advanced attackers can find ways around it. Home Depot is still working its way out of data breach recovery, but more should be done to prevent an attack in the future.
Why Standard Security Systems Are No Longer Enough
The message is clear for businesses looking to learn from these major breaches—invest in cyber security now and avoid a costly multi-year recovery process. However, these companies already had standard security systems and applications in place. Something has to change for companies to overcome constant cyber attacks.
The illusive networks Deceptions Everywhere® solution offers a proactive approach to cybersecurity, blanketing the network with deceptive information that forces attackers to question what’s real and what’s illusive.
Cybersecurity can’t focus on individual attack vectors or pieces of malware—the Deceptions Everywhere® solution goes after the attackers themselves.