Last December, Yahoo announced one billion user accounts had been impacted in an August 2013 breach. At the time it was discovered, it was the single largest cybersecurity breach of any individual company in history. It made lots of headlines, and was reported widely.
Fast forward to last month:
In October 2017 (almost a year after the original announcement), Yahoo corrected its earlier statement and indicated that three billion users had been compromised in the incident not one billion. The breach had actually affected three times as many users as first disclosed - all existing Yahoo accounts in 2013 were impacted. In other words, if you had a Yahoo account in 2013, your account was affected.
This story shows the great difficulty both companies and the public face in understanding the full scope of a breach.
The impact continues long after the news stops reporting
Today's cyber and mobile threats are increasingly sophisticated. As we can see in the Yahoo case, it often takes time for organizations and investigators to fully understand the big picture, including how and what data was affected, where the breach happened, and who was responsible. Because of the nature of the investigations, this type of information often doesn't come out for months, sometimes years, if at all.
For consumers this means staying vigilant long after the initial news stories have faded from the newsfeeds. Many companies will alert all impacted customers to a breach. Paying attention to these notifications, as well as news stories about data breaches, is a good initial step.
Did you hear about these breaches?
But what happens in the case of smaller breaches? What happens when the initial breach doesn't make the primetime headlines, or if updates and corrections to the initial disclosures aren't widely disseminated? For example, in this past month:
- Disqus, a popular comment hosting service for web sites, disclosed a security breach from 2012 affecting 17.5M users.
- Pizza Hut suffered a breach that exposed data of 60,000 customers.
- Hyatt Corporation announced hackers gained access to guest credit card information at 41 properties in 11 countries.
- Cabrillo College in Aptos, California reported a data breach affecting 40,000 current and former students.
News of breaches that reach the scale of Yahoo and Equifax are going to be widely shared across traditional and social media outlets, especially when they're first announced. Individuals still need to be aware of the smaller-scale breaches that may directly impact them.
It's easy to miss a headline or for an email to hit your spam box. This is why our Breach Report is such a valuable real-time tool for real people. It quickly allows you to know whether you've been impacted by a breach and to get the critical information and updates necessary to secure your sensitive personal information and data. Upgrade to Premium Plus now to stay on top of the breaches that may directly impact you.
Book a personalized, no-pressure demo today to learn:
Discover how adversaries use non-traditional methods for phishing on iOS/Android, see real-world examples of threats, and learn how an integrated security platform safeguards your organization.