Looking at the trends, one thing is certain – cyber attack frequency is trending upward with no signs of slowing down.
Waves of cyber attacks are affecting both individuals and businesses alike. In the news, we have seen several high-profile cyber breaches. Here, we will share real stories of companies impacted by cyber breaches and lessons that can be learned.
Photo by Pixabay
Threats are sometimes internal
IKEA
An employee accessed the private information of up to 100,000 customers in 2022 using a network computer. Ikea was able to fix the data breach and prevent the information from leaking. Ikea announced that their customers’ banking information was not affected, and their personal information was not used or shared in any way.
Desjardins
In 2019, an employee was caught stealing the personal information of over 9 million Desjardins customers. This illegal activity had been taking place for over two years. The sensitive data obtained included customers’ legal names, dates of birth, SINs, mailing addresses, phone numbers, emails, and more.
Desjardins’ had to provide financial compensation to their customers for the breach and settled the class-action lawsuit for $201 million.
These breaches make clear that inside threats can be just as alarming as an outside attack. Businesses must recognize that trusted employees and vendors are sometimes the biggest threat. Insiders can quickly obtain sensitive information to sell or provide to third parties. To minimize these risks, businesses can take precautions such as adequately vetting new hires by conducting background checks and reviewing their references, revoking system access for employees no longer employed with the company, and only providing sensitive data to employees who need it to do their jobs. Businesses should also do cyber security audits often and keep their systems up to date.
Resulting reputational damage is a big concern
Yves Rocher
In 2019, 2.5 million Yves Rocher’s customers had their personal data exposed. The customer data included legal names, dates of birth, phone numbers, emails, and mailing addresses. Bad actors could access Yves Rocher’s database and alter or delete customer data. They could also steal important company information such as order volumes, promotional codes, and the ingredients for over 40,000 Yves Rocher products. A large data leak from such a well-known brand could tarnish the company’s reputation in some customers’ eyes.
Ashley Madison
In 2015, a group of hackers obtained customer information from Ashley Madison and other dating sites owned by Avid Life Media. Ashley Madison is a website where married people can meet someone to have an affair. The hackers told Avid Life Media to remove the Ashley Madison website permanently or else their customers’ extremely private information would be released to the public. When Avid Life Media did not take down the website, the hackers did as they had threatened. Internal documents and the account details of over 30 million Ashley Madison customers were made public. Customer information included legal names, profile information, account credentials, sexual fantasies, credit card transactions, and contact information. This breach was disastrous for many users; it led to numerous divorces, cyber extortion incidents, public shaming, and at least two suicides.
The loss of reputation from Cyber attacks can lead to a business losing customers and scaring future customers. Poor public opinion has the power to sink a company entirely.
Have cyber experts in your corner
Superior Plus
In 2021, Superior Plus, Canada’s largest propane distributor, was the victim of a ransomware attack that affected 800,000 customers across North America. Superior Plus hired cybersecurity experts to review and manage the incident. They could secure their internal system by disabling certain computer applications and systems. The data is believed to have been employee identification numbers and customer financial information.
Having cyber insurance in place is one of the best things a business can do to help mitigate future cyber losses. Personal customer data stolen by cybercriminals can be sold on the dark web or used to launch additional cyber attacks. Cyber incidents can cost companies millions of dollars, and cyber insurance offers protection. Many cyber insurance policies also provide other benefits, such as the help of cyber experts in the event of a cyber incident, cyber education for employees, breach notification services, public relations assistance, case management and credit monitoring services for affected customers, and more.
Follow Shamarra Gray on Instagram.
