A data breach can cost a company millions of dollars and ruin its reputation among its customers. Many data breaches have occurred over the last decade with varying degrees of impact. According to cyber security expert and Maryville University alumna Mary Heger ’86, every business must create its own response plan after a data breach, and the resulting liability varies depending on the circumstances. Learning from other companies that have experienced cyber security breaches can help future businesses protect themselves and their customers.
Data Breach at eBay Compromised 145 Million Records
Many cyber security breaches prove particularly impactful because of their size. For example, The Huffington Post technology editor Dino Grandoni reported in May 2014 that hackers had penetrated eBay’s defenses, which compromised non-financial, sensitive data for 145 million active monthly users. The breach occurred between late February and early March, but eBay did not issue a statement until two weeks after discovering the cyberattack.
According to eBay’s May 21, 2014, press release, the company urged customers to change their account passwords as well as their account information on any other website where they might have used the same password. The release also assured consumers that the company had not noticed any increases in fraudulent activity. As a result of the publicized cyberattack, a Clearswift study revealed that “half (49 percent) of adults online will be less inclined to use eBay in the future” as a result of the breach.”
Heartland Data Breach Compromised 100 Million Cards
Long before eBay’s data breach occurred, payment processor Heartland experienced a data breach of its own. Writing for Bloomberg, Rachael King details the crushing aftermath of a data breach that started in May 2008 and remained undiscovered until January 2009. In all, the breach affected 100 million payment cards and a potential 650 financial services institutions.
According to King, the breach prompted Heartland and other financial companies to exercise more caution when working with third-party vendors and investigate ways to encrypt payment data during card-present transactions. According to The U.S. Federal Trade Commission, FTC, most major card issuers are already offering or will offer new credit and debit chip cards for added protection. These chip cards create distinctive codes for each transaction, which can make card-present purchases safer.
Experian Hack Exposed Sensitive Data of 15 Million T-Mobile Customers
While the Heartland cyber security breach proved devastating since it related to payment cards, the Experian hack that occurred several years later involved highly sensitive data and affected more people. InformationWeek’s Dark Reading senior editor Kelly Jackson Higgins reported in 2015 that hackers had gained access to sensitive information for about 15 million T-Mobile customers. Exposed data included names, birthdates, Social Security numbers, addresses, driver’s licenses, and passport numbers. According to Higgins, adequate encryption could have prevented the hack. In this case, the hackers could have capitalized on weaknesses in either T-Mobile’s or Experian’s data encryption.
CSO contributor Steve Morgan reports that the cyber security industry is experiencing a significant talent shortage. This shortage could open doors for experts with degrees in cyber security and provide the expertise to help organizations like Experian, eBay, and Heartland prevent future breaches.
If you want to help combat cyber threats like the ones above, a cyber security degree from Maryville University could create a lucrative future in this industry.