Access your Pro+ Content below.
No customer data leaks? Companies look down the rabbit hole
This article is part of the Information Security issue of October 2017, Vol. 19, No. 8
Leaks can be hard to stop. Just ask President Trump. Companies have released financial reports that cite major security incidents but claim there was no evidence of a data breach (A.P. Moller-Maersk), loss of data that could affect payment card security (Yahoo) or third parties' or customers' personal account information (Fed Ex Corp.). How can they be so sure? Other organizations -- like Equifax, Yahoo and more -- announce data theft months or years after the intrusions, and their 'timelines' of what they knew, and when, about these data leaks face scrutiny. Yahoo, now called Altaba, acknowledged personal account data leaks two years after the thefts took place and just months after the company had reached a $4.83 billion deal to be acquired by Verizon Communications. When Yahoo finally disclosed a massive 2014 data breach of up to five hundred million affected account holders in September 2016, some already had legal representation. Within weeks, Yahoo was facing data breach lawsuits from customers who claimed that the lapse ...
Access this PRO+ Content for Free!
Features in this issue
Data breaches and incoming regulations are heightening the need for a data-centric security model, say security leaders. Here’s how to gain control and stop unauthorized use of your data.
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.
Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these malicious attacks alone.
Columns in this issue
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.