2017 Round-up Of Big Tech Company Admissions To Massive Data Breaches


Contrary to the popular belief, the data breaches had not begun when companies started storing their sensitive information digitally. They have been there for as long as users and enterprises have maintained records and stored private data.

The Beginning

Some of the first publicly disclosed data breaches date back to the 1980s. In 1984, the international credit information conglomerate TRW (currently known as Experian), was hacked. The hackers stole about 90 million records. Two years later, the Canada Office of Inadequate Security announced that 16 million records of Revenue Canada were compromised. However, until the past two decades the term "data breach" was not so widely popular. 


Earlier this fall Yahoo reported one of the largest data breaches ever. The company announced that undisclosed third parties stole more than 1 billion user accounts in August 2013. The case is separate from another data breach the company disclosed in September. It involved the compromising of nearly 500 million user accounts in late 2014. The stolen user data from the new breach included names, e-mail addresses, phone numbers, passwords, personal information but no credit card details. 

Hewlett-Packard and the Navy

At the Thanksgiving Eve, the Hewlett-Packard Enterprise revealed that unknown individuals compromised the laptop of one of their employees. As a result, the social security numbers and the names of 134,386 former and current Navy sailors leaked. The U.S. Navy also confirmed that as of now, there was no evidence to suggest the misuse of information. 


In March 2016, Verizon Enterprise Services announced that it had been a victim of a cyber-attack that affected 1.5 million of its corporate clients. The hackers managed to access some basic contact information. They did not compromise the customers' proprietary network information. Subsequently, a member of an underground cybercrime forum posted a thread to advertise the sale of a database containing the contact details of 1.5 million customers of Verizon. The seller offered the entire package for $100,000.  It was also possible to purchase a set of 100,000 records for 10,000 each. Interested parties could also buy detailed information about security issues in Verizon's official site. The telecom provider did not disclose the cause of the breach. However, the company confirmed that it already found and fixed the vulnerability the hackers used to collect the data.


In May, this year, Time Inc., Myspace's new owner admitted the publishing of a large set of stolen Myspace login details for sale in an online hacker forum. The company did not disclose the exact number of compromised accounts. According to internal sources, there were about 427 million passwords and 360 million user accounts available for sale online. Supposedly, the leaked data was several years old and just a part of the overall user data from the old Myspace platform before the site relaunch with the added security in 2013.


Also in May 2016, LinkedIn reported the second data breach in its history. A hacker named Peace managed to steal 6.5 million encrypted passwords. Soon after that, they appeared for sale in a Russian dark net forum.


Tumblr also confirmed a 2013 data breach affecting an undisclosed number of users. According to the analysts, the number of compromised accounts exceeded 60 million unique e-mail addresses and passwords. When announcing the breach, Tumblr confirmed that the passwords were not in plain text but were "hashed" instead. This process converts the password into a different string of digits. The company did not report what algorithm the hacker used to hash the login details. A hacker called Peace put the data on sale on the darknet platform.

What do the numbers say?

US-average-cost-of-data-breach-in-2016-$221- per-capita

According to the 2016 Cost of Data Breach Study conducted by Ponemon Institute and commissioned by IBM, the average total cost of the data breach for all the 383 companies surveyed, increased from $3.79 million in 2015 to $4 million in 2016. The average amount paid for a compromised record increased slightly, from $154 to $158. In the United States, the average per capita cost of a data breach in 2016 was $221, and in India, it was $61. While the average total organizational cost in the United States was $7.01 million, it was $1.6 million in India and $1.87 million in South Africa. On average, it takes the companies 229 days to identify data breaches caused by malicious attacks. If a human error caused the data breach, it typically takes the organization 162 days to identify it, the study suggested.

Verizon examined more than 100,000 incidents and analyzed over 2,260 data breaches in 2015. Per its 2016 Data Breach Investigations Report by Verizon, almost half of the security breaches in the technology companies involved Denial of Services (DoS) attacks. According to the researchers, this is mainly because the technology companies nowadays rely heavily on digital data, cloud computing, and employee's mobility.

Can you really prevent a hacker attack?

Although no company is immune to hacker attacks, there are several ways to protect your consumers' private data. First, you may invest in high-qualified IT security personnel and provide them real career growth within the company. In addition to that, you may develop, test and implement a working strategy in case your main anti-DoS service fails unexpectedly. 

It is also important to use different network circuits for your main systems so that one of them could not act as a gateway to more important ones. According to the security professionals, a great majority of the incidents involved cyber-attacks on web apps. One way to prevent it is to use two-factor authentication. Another option is to establish a patch process for third-party plugins.  

There are many benefits to the company of using a ‘white label’ provider to offer additional services to its customers.  Working with a partner to develop or deliver additional services includes:

·         Reduced costs (or none) of development

·         Speed-to-market

·         Learning new skill sets and market knowledge

·         Keeping focus on core offerings

·         Adding value to the customer

A ‘white label’ partner is often smaller, more nimble, and/or has a different core focus than the primary company.  If the company would like to deliver Security Services, but their core offering is around networks, they won’t already have security experts.  Some might argue that they need to build the offering themselves, but the go-to-market process for an in-house offering, often due to red tape and budgets, would likely be months if not over a year.  Another argument is that the service offering is already a proven commodity to the provider, with existing staff, who have the technical experience and the marketing knowledge to deliver effectively. 

Get in Touch!

Telephone: (919) 439-5000
Email: info@mercuryz.com
1150 SE Maynard Rd
Cary, NC 27511
263 13th Ave S, Suite 340
St Petersburg, FL 33701

facebook linkedIn facebook