Company Data Breaches: What We Can Learn So Far in 2023

With cybercrime on the rise, compromised online security and global company data breaches are becoming more frequent. It’s a real cause for concern, as data in all its forms can have harrowing short- and long-term effects when it falls into the wrong hands. For thorough online security and to avoid falling victim to a data breach, you need to be more vigilant than you might think.

As Independent Advisor highlights, it’s not just the company but also the individuals caught up in the crime who feel those repercussions. Most of the time, basic personally identifiable information (PII), including full names, dates of birth and contact details, will be stolen or exposed, but in more serious cases, financial details, social security numbers and sensitive medical information can also be compromised.

So far this year, Twitter has been subject to the largest breach, and almost 350 million accounts have already been impacted by data breaches. While each case of compromised data is different, there are some key takeaways that echo throughout. From how they start to the aftermath, this is what we have learned so far.

1. It can happen to anyone

Human error is a major factor in data breaches, especially when it comes to phishing scams that target individuals. Threat actors and hackers typically look for weaknesses, be that a vulnerable company system or a person who doesn’t recognise a malware-laden email.

Small businesses and the healthcare and education sectors have been easy targets for hackers to exploit in the past, typically owing to less funding for, and knowledge of, cybercrime prevention. But the reality is that threat actors can attempt to hack multiple times per day, and it only takes one weak link to expose what can become a major data leak.

And as we can see in Twitter’s case, even large, well-funded businesses are at risk. A huge portion of 2023’s data breaches have involved telecom providers, with at least 46,700,836 records affected so far this year. You would expect all of these providers to have top-notch cybersecurity in place – especially if they have already been subjected to attacks in the past.

2. Repeat hits are common

Twitter’s January data breach was by no means its first, and unfortunately it’s unlikely to be the last. Reporters and security researchers noted that the records of more than 200 million users were likely compiled into a list at the end of 2021 through a vulnerability in Twitter’s system, and that the attackers were able to gain access this time around by using previously obtained data, despite Twitter having fixed the flaw at the time.

T-Mobile is another example of a company with multiple data breaches under its belt. In January of this year, it had its eighth disclosed attack since 2018, affecting 37 million records, and just two months later, another 836 were compromised in a separate incident.

3. It’s costly

A data breach can be very expensive, from containing the incident to compensating those affected, especially if not dealt with quickly and efficiently. Most of the time, when a company becomes aware of an incident, it tries to contain it and calls in cybersecurity experts, if they are not already on hand. Once the incident is under control and officially reported, anyone affected should be notified. Issues arise when months go by without those affected receiving any “official” information, and they instead hear about it online via websites like Have I Been Pwned? or on social networks. Similarly, if it emerges that a company was made aware of a vulnerability in its systems at an earlier date but didn’t act appropriately to stop it escalating, this can lead to lawsuits.

4. The damage is hard to measure

You can, to some extent, measure the costs incurred with a data breach, especially if a company does become subject to an expensive lawsuit or if multiple parties then suffer fraud as a result of the breach; but there are more long-term effects that may be difficult to quantify initially, such as reputational damage to a company and emotional stress to those involved.

Many affected by specific data breaches will post thoughts on forums like Reddit, and ironically, Twitter, in a bid to share their experiences or complain. This in itself gives a flavour of people’s attitudes towards particular companies, and one would hope it would influence how a company acts going forward to better protect people’s data and compensate them fairly.

The next obvious damage is how the stolen data is then used. Although a stolen email address may not seem severe compared to compromised bank details, down the line, the owner could receive a very legitimate-looking email, eventually leading to someone handing over sensitive information about themselves or a company. In Twitter’s case, some researchers even noted that.

5. Simple security measures matter

It is something of a global joke that many of us use the same, fairly obvious, passwords from time to time. A strong password won’t necessarily save a company from a data breach, but it can make a difference to anyone whose personal details are at risk of being compromised. If your username for a public forum has been exposed, for example, it could be the difference between your account being accessed or not. Taking basic security measures seriously and enabling two-factor authentication where you can is an easy step towards staying safe online.

Knowledge is power, so it is key for companies to invest not just in cybersecurity departments but also in training all staff and securing all networks. Hackers learn from both successes and failures, so the challenge for every company is working out how to stay ahead of the game. Being vigilant, using a VPN to hide your IP address and staying on top of general online security at all times are among the best ways to protect your data.