Don’t lose your customers (or your share price) to the mistakes of single sign-on practices

Yahoo recently disclosed that “state-sponsored” hackers stole data on about 500 million users in what could be the largest publicly disclosed cyber-breach in history. The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”. The hack took place in 2014 but has only now been made public, and it is believed that data on about eight million user accounts in the UK was taken.


Data security is more than an information technology issue. It is a legal requirement and a huge customer experience, marketing and overall business issue, because providing great customer service implies the protection of all customer data.

Customers will see a security breach as a violation of trust. They expect all of their data to be secure and trust you to secure it. And the damage is not limited to lost trust among your current customers: it has ripple effects in the form of negative word-of-mouth, especially in the age of social media. The old adage “there is no such thing as bad publicity” is trite. Customer information breaches are very bad publicity.

The Sage Group had a breach in August 2016 potentially impacting 200 UK customers, and the inevitable share price fall followed while the company investigated what the Financial Times reported as a breach that “… may have let attackers get access to employee information from Sage’s customers, including bank account details and salary information.”

Earlier in 2016 Facebook suffered a breach whereby a hacker discovered a big security hole in its password reset mechanism which allowed him to hack into anyone’s Facebook profile.

LinkedIn saw a 2012 data breach come back to haunt them when 117 million email and password combinations stolen by hackers four years ago popped up online. At the time the breach occurred, members who had been affected were told to reset their passwords. That information then became publicly available in May 2016.

A recent article by ‘IT Governance’ reported that OneLogin, a cloud-based single sign-on and identity management service provider used by more than 1400 enterprise customers in 44 countries, had suffered a breach. The intruder managed to get hold of one of its employees’ passwords.

Poor password practices frequently cause breaches, especially when users employ weak passwords and reuse credentials across multiple sites and services. The knock-on effect of a single data breach could jeopardise the security of multiple accounts, and ultimately cost the business.

Find out more about why username and password should be considered the very basic, entry-level protection.
