Yahoo Data Breach
[Students Name]
[Instructors Name]
_/07/2020.
Table of Contents
Breach Background and Policy Mitigation Measures
Policy Strengthening Strategies
Financial Implications to Yahoo
Introduction
Although data breaches seem more prevalent today, especially with the emergence of technologies such as increased digital storage and cloud computing, they have existed for as long as businesses have maintained collections of private records and confidential information. This is most notable in the financial industry, where much of the critical detail stored by financial institutions could, once breached, have severe consequences. However, it was only after the 1980s that the frequency of publicly disclosed data breaches increased, while awareness of the effects of such breaches grew in the early 2000s.
The greatest threat to information lies in cloud-based organizational email accounts, which are commonly leveraged for access, alongside a series of availability attacks aimed at web applications (Trautman, 2016). The information industry is by far one of the most prestigious industries of the 21st century, and it has been greatly facilitated by the growth and use of internet services, which have in turn led to the development of a global market that is not limited by geographical boundaries. As businesses continue to recognize the potential of this industry for improving their performance and growth, more of them upload and place vast amounts of their data and information online, preferably in storage spaces such as clouds and servers.
All these developments have led to the information industry becoming one of the most attacked platforms ever, with most of the recorded attacks of 2018 and 2019 consisting of DoS attacks. However, human error is also a factor in these vulnerabilities. Most data breach cases have been found to result mainly from human publishing errors and misconfigurations by system administrators. An example is the Yahoo data breach, which is by far one of the most devastating data breaches ever to occur.
Breach Background and Policy Mitigation Measures
According to the company’s website profile and Yahoo’s data breach settlement, the company states that it was able to effectively contain the cybersecurity data breach, which is believed to have extended from 2012 to 2016. The information provided is more specific about the data stolen in the breaches, with the intrusion traced back to at least January to April of 2012.
The numerous breaches during that period did not all follow the same pattern; in some instances the hackers did not take any data at all, which was the case in 2012. The following year, however, the attackers behaved far more maliciously, taking records of numerous Yahoo accounts, estimated at 3 billion records (Thielman, 2016). At that point, the information the attackers seized could have given them instant access to user records such as calendar schedules, email accounts, phone numbers and addresses.
Moreover, 2014 brought another data breach for the company, which affected a total of 500 million user accounts. The aftermath of this event continued for several years. These events eventually sparked increased public awareness among Yahoo users, both of the cybersecurity regulations and laws that Yahoo was in breach of and of the activities that led to the breaches.
Following a number of investigations by third-party cybersecurity institutions, Yahoo was found not to be compliant with regulations demanding immediate public notice of any data breach incident, and the investigations also pointed to the company’s haste in installing new updates on its platforms. Unfortunately, following the attacks, Yahoo failed to issue a sweeping statement to the public with enough detailed information to give users reassurance and mitigation measures they could employ. It was only after its shortcomings came to light that the company opted to send its users a dedicated security notice of the actions it planned to take to contain the matter. The numerous notices sent in September and December of 2016 and October of 2017 detailed the following actions pledged by Yahoo:
- Yahoo would continually enhance the systems it uses to detect and prevent data breaches and unauthorized access.
- The company would invalidate all unencrypted security answers and questions directed at them.
- The company would immediately require all individual user account owners, affected and unaffected, to change their passwords.
It is for this reason that businesses are often advised not to rush the deployment of their software solutions online, but instead to take all the time they need to ensure that the software is safe and its security is not compromised. Apart from DoS attacks, web application attacks targeting the software deployed by businesses are also common. The illicit use and frequent reuse of stolen user credentials is common to almost every hacking operation directed against web applications, regardless of the target industry. The third pattern identified in information breaches is cyber-espionage. As is commonly pointed out, the vast majority of cyber-espionage cases begin with a successful phishing campaign, which explains why phishing emails are considered the greatest threat to cyber security.
Policy Strengthening Strategies
Clients trust organizations with their personal, legal and financial information, which must be kept private at all times. A simple security breach may expose these secrets to the general public, where misuse of the user’s confidential information may damage the client’s reputation, finances, or business (Cheng, 2017). With so much data and information now stored on digital platforms, it is of great importance that organizations focus much of their effort on security against cybercrime.
Hence, one of the best ways of preventing and mitigating a security breach is to be proactive in adhering to recommended best practices and policies, such as:
- Controlling employees’ access to data – one of the most recommended preventive measures against security breaches is preventing possible data leaks by the organization’s own employees.
- Using only appropriate and authorized firm-based devices and systems – the use of alternative software solutions from third-party sources that have not been vetted and considered secure for use within the organizational network infrastructure is a great threat to the security integrity of the organization. Hence the urgent need to control the types of devices and software used in the organization.
Financial Implications to Yahoo
A number of guidelines and security protocols are in place to protect users’ data from misuse and mismanagement of their personal information by information-driven organizations such as Yahoo. When an organization that operates under these policies fails to properly secure its user account data, it is met with severe consequences such as financial loss in the form of fines and even legal measures.
This was the case with Yahoo’s 2013 data and security breach, which is regarded as the largest data breach of all time, having affected an estimated three billion user accounts. It was announced that the data breach would eventually cost the company an additional sum of $85 million after the organization reached a new settlement ordering the company to pay a total of $50 million in damages and another $35 million to cover attorney fees as well as make available free credit monitoring services to the victims of the affected user accounts. Furthermore, earlier this year, Yahoo, which is currently identified as Altaba, announced that it had agreed to pay an additional $35 million in penalty fees to the SEC (Securities and Exchange Commission) because Yahoo failed to notify its customers in time about the security and data breaches.
References
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.
Thielman, S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history. The Guardian, 15, 2016.
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), e1211.