Lessons from Equifax and Yahoo Data Breaches

Posted by Alexa Villanueva

Fri, Oct 20, 2017

Data leak_blog post.png

Cyber security incidents have a negative impact on everyone involved, from the customers to even the company’s employees. And after reading the headlines day after day about how personal and financial information of MILLIONS of people have been exposed for the world to see, we can’t help but wonder: What went wrong? How could it have been avoided? What’s next?

In light of Cyber Security Awareness Month here are a few key takeaways from two of the most notorious data breaches:

EQUIFAX: More than 146 MILLION customers potentially at risk

Equifax, one of the largest credit reporting agencies in the US was subject to a massive data breach which impacted more than 143 million consumers. The breach was initially discovered on July 29 and compromised credit card and social security numbers along with other personal information such as birth dates and addresses.

In response to the attack, Equifax asked the possible victims to visit the site they had set up - equifaxsecurity2017.com to verify whether they were affected by the breach, but to add insult to injury, customer service on Equifax’s Twitter was redirecting people to a the wrong site - securityequifax2017.com. While misspelling a website is a common mistake, it could have led to a potentially malicious site. Luckily this wasn’t the case.

YAHOO: 3 BILLION user accounts

Yahoo data breach 2016.jpg

Here’s a 2013 data breach throwback we were hoping not to hear from again but it just so happened that the impact was much larger than what the company had initially reported, triplicating the number of exposed accounts. Meaning, if you had a Yahoo account, your information (birthday, email address, telephone numbers and security questions) was most likely leaked.

Key Takeaways:

  1. Assume your data has been stolen and check your financial accounts. If possible, set up alerts that will inform you whenever there is suspicious activity detected.
  1. Determine the type of information that could’ve been stolen and implement a recovery plan starting with your most sensitive information. For example, if you believe your debit or credit card information has been compromised contact the financial organization or bank that issued the card immediately. Don’t wait until fraudulent charges appear on your statement, if the perpetrators get the stolen card numbers they will act in a matter of hours and in some cases, you might be liable if you don’t report suspicious transactions right away.
data breach protection

Change your login information on the accounts with the affected company. Make sure you change your passwords if you have been compromised.  Also make sure to use different passwords for different platforms.  That way if one of your passwords is compromised, the perpetrators can’t login to your other accounts. Choose passwords that are unique.

Be wary of identity theft by monitoring your bank and credit card statements in a detailed manner and review your credit report continuously.

  1. Never let your guard down. There is no way of knowing if and how long your information can stay in the dark web or even when the perpetrators will decide to use it. The best approach is to remain vigilant and take precautionary steps to mitigate a potential threat.

Every company, no matter the size or industry, are prone to cyber-attacks and it’s no longer a matter of “if” it will happen but “when”. This is why, it’s not only important to learn from past mistakes but to be proactive in protecting your most valuable information and reducing the risk of fraud or theft in the future.

Get Our Latest Posts Automatically via Email

Topics: data breach, cyber security, online protection

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

  Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Recent Posts

Posts by Topic

see all