Explore some of the worst cyber-attacks in the last decade, and how you can build a disaster recovery plan to protect your business data.
Blog

Business Disaster Stories: The Catastrophic Reality of Security Breaches

Posted on by Emalee Brannon

Cyber breaches continue to get worse every year. As interconnectivity between companies increases, so does the number of cyber-attacks and data breaches. Cybercriminals have two motives for stealing virtual data: maximum impact and maximum profit.

Maximum impact refers to how cybercrimes affect a targeted victim. Most data breaches are aimed at major companies that store sensitive data on employees and clients. Most of this data is considered to have great value because cybercriminals can access personal identifying information stored in a company database. Private information such as social security numbers and banking information gives cybercriminals the ammo they need to profit from others.

In any case, a cyber threat is a serious problem, and it puts companies and their clients at risk. These are just some of the worst cyber-attacks in the last decade, and how you can build a business continuity & disaster recovery plan to protect your data.

Equifax

In 2017, Equifax fell victim to a series of cyberattacks that resulted from one of the worst data breaches in history. Roughly 200,000 people were affected when their credit card information was stolen. Furthermore, 145.5 million customers had their personal information compromised when hackers broke into the database. All personal identifiable information (PII Data) was at risk for exploitation from then until July 2017.

As Equifax is an international consumer credit reporting agency, the breached PII data included:

  • Name
  • Date of Birth
  • Social Security Number
  • Mailing Address
  • Credit Accounts
  • Inquiry information
  • Bankruptcies
  • Collections accounts

This is exactly why federal agencies like the IRS and FTC have been cracking down on businesses and managed IT services providers to comply with their management of any sensitive data.

A Lack of Communication Goes a Long Way

What was surprising about these events was that no one knew about them as they happened. Equifax waited for months to announce these attacks to everyone who was impacted by them. The only thing they offered was free credit monitoring to everyone affected, but it wasn’t enough to compensate for critical data that was stolen.

Two years later, Equifax finally decided to take action. They offered a $675 million settlement to every customer impacted by the data breach. The money would pay for costs resulting from the breach,

including stolen identity. Customers who chose not to have free credit monitoring could claim $125 in cash.

While financial compensation is a wonderful solution for a data breach, can it compensate for the damaged reputation? An ounce of prevention is worth a pound of cure. For future reference, Equifax needs to alert customers of a data breach immediately. It could save everyone time, money, and hassle.

And if anything else, your organization can partner with a business tax & law firm to represent you in legal action and planning for the aftermath.

First American Financial Corps

In May 2019, First American Financial Corps faced a terrible data breach that impacted 885 million credit card applications. However, these events weren’t attributed to actual hacker activity. The root cause was a website design error. In this case, it was a data leak rather than a data breach, because of human error. And although there was no malicious intent, it still cost the company and all of its stakeholders.

Customers and agents alike were affected by the data leak in several ways. Both had names and email addresses compromised because of the leaks. The phone numbers of buyers and closing agents were exposed for all to see.

A data leak leaves a company website vulnerable to the following:

  • Identity theft
  • Ransomware attacks
  • Malware

Going forward, what lessons should we learn from this incident? Are there any preventive strategies that can be taken in the future, whether it actually be from a hacker or a natural disaster? There are two answers to the question. One is to have the code inspected thoroughly by quality control. Check for any errors or holes in it before publishing your website.

The next step is to monitor for any data leaks or breaches. This should be done continuously through a website administrator. The trick is to catch them so data can’t be hacked by criminals. If anything happens, inform all stakeholders immediately. This includes employees, customers, and outside vendors.

JP Morgan Chase

In 2014, JP Morgan Chase was hit hard by one of the biggest data breaches in the banking industry. A group of hackers broke into the website with the intention of laundering money for personal gain. The intention of these covert cybercriminals was to set up an investment scheme where they use millions of dollars stolen from private accounts. They created a casino and started a Bitcoin investment account, where they made over $100 million before getting caught. The following data were compromised in the breach:

  • Personal info and login details for company employees
  • Email Addresses
  • Phone Numbers
  • Other sensitive consumer data

Most breaches occur due to an online threat, which happens when certain security measures aren’t implemented. In this case, JP Morgan Chase should consider proper data security management practices, and require every client user to use something like Multi-Factor Authentication (MFA) to enter two pieces of identifying data when logging in. These usually include the user’s login information and a required code. This code is either sent through email or a text message. Customers are required to enter that same code for website access. For JP Morgan Chase, it’s the best method for preventing future breaches and any extreme costs that came from the downtime.

Experian/T-Mobile

In 2015, a hacker posing as a private investigator contacted T-Mobile asking for personal information on several mobile customers. This information was stored by Experian, who worked with the company to process consumer credit applications with T-Mobile. Both organizations offered separate settlements to customers impacted by the breaches. Experian offered $13.67 million in damages, while T-Mobile agreed to pay $2.5 million.

The following data was affected by the breach:

  • Customer names
  • Social security numbers
  • Banking and credit card information

In spite of the settlements offered, neither entity would be let off the hook. Experian was ordered to take stricter measures to improve security on their site. They were asked to provide up to two years of free credit monitoring services for each customer who was affected.

Best practices should include up to five years of free credit monitoring from Experian. Both companies need to alert customers of the impact by issuing warnings through emails and texting. Another good step is to closely monitor third-party vendors to prevent future outbreaks and protect sensitive data in order to avoid any unforeseen technology challenges.

Capital One

In 2019, anyone who had credit cards through Capital One was vulnerable to a major data breach, which was traced to a single hacker. The individual broke into the site and obtained the following personal information from new and existing customers:

  • Names
  • Birthdates
  • Addresses
  • Phone Numbers
  • Email Addresses
  • Personal income

Roughly 100 million people in the United States and 6 million in Canada were affected by the breach. The bad news is that they weren’t partnered with the right MSP to get them through the disaster recovery process efficiently. And even worse news was that customers weren’t informed of the breach when it happened.

Although Capital One gave a press release, it failed to notify customers immediately. Being informed of

online security risks give customers the power they need to keep on top of their accounts. They can monitor their online information and take security measures against future online threats.

PayPal

PayPal fell victim to a credential stuffing attack in late 2023, demonstrating the vulnerabilities faced by even the most secure digital payment platforms. This attack involved unauthorized access attempts to user accounts using previously breached credentials, putting personal and financial information at risk. Despite there being 35,000 compromised accounts, the incident highlighted the ongoing battle against cyber threats in the financial solutions sector.

The difference between the PayPal incident vs the others lies in their response. They implemented:

  • Immediate password resets for affected users
  • Enhanced security measures
  • Transparent communication

This proactive approach underlines the critical importance of preparedness and quick action in the face of cyber incidents. PayPal also emphasized the role of users in maintaining digital security, recommending practices like unique passwords and regular account monitoring.

How Do You Recover from a Disaster?

These stories serve as stark reminders of the vulnerabilities that businesses face. These incidents highlight not just the potential for financial loss and legal ramifications but also the profound impact on customer trust and corporate reputation. As cybercriminals become increasingly sophisticated, the necessity for a comprehensive business continuity and disaster recovery plan becomes undeniable.

The key to navigating the complexities of cyber security is not just in responding to incidents, but in proactively preparing for them. This entails a strategic approach to risk management, including regular audits, adopting advanced security measures, and ensuring quick, transparent communication in the wake of security breaches. However, developing and implementing such a plan can be daunting without expert guidance.

Be Prepared for the Worst!

This is where Nerds Support comes in. With years of experience in providing cutting-edge cyber security solutions, our team is adept at crafting tailored business continuity and disaster recovery plans that address your unique vulnerabilities and compliance requirements. We understand that each organization’s needs are distinct, and our approach is to work closely with you to create a strategy that not only protects your digital assets but also ensures your business can swiftly recover and maintain operations, even in the face of a disaster.

Don’t wait for a cyber incident to reveal the gaps in your defense strategy. Proactive preparation is the hallmark of a resilient organization. Contact Nerds Support today to safeguard your business with a robust business continuity and disaster recovery plan. Together, we can turn your cyber security preparedness into a competitive advantage.

Check out Nerds Support's Google reviews!
Check out Nerds Support's Google reviews!
This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies. Your data will not be shared or sold.
More info Accept