One of the world’s biggest companies, Yahoo Inc, has just been forced to admit that not only did it leak 500 million user account details two years ago, but it has now found out that three years ago it also had 1 billion user account details stolen from it.
In the rapidly escalating race to be the biggest ever cyber security breach, Yahoo has just come out on top again. This means that roughly one in every seven people in the world has had their personal details leaked by Yahoo. That is staggering.
What is perhaps even more astounding is that it has taken Yahoo three whole years to find this out. So whoever stole this information, whether a state-sponsored actor, a criminal enterprise or a teenage hacker, has had three years to mine the data for their own financial gain.
How is this possible, you may well ask? How can a technology company like Yahoo not know that its networks have been breached and all of the information in them has been stolen? That is a question for Yahoo to answer, but unfortunately it is not a question for Yahoo alone. Many other companies that hold sensitive data have also been breached and still don’t know.
This is just not acceptable. These companies have a requirement not only to do their utmost to protect the personal data they hold on behalf of their customers, but also to inform customers if and when their data is stolen, so that they can protect themselves.
The new General Data Protection Regulation, being imposed by the EU from 2018, will make it a mandatory requirement under EU law to disclose such a breach. Ignorance is unlikely to be an excuse that goes down well with the regulators, who will be able to impose huge fines for non-compliance.
Nor can any company plead that it cannot afford the resources to manage this issue, rapidly identify any breaches and plug the gaps in its defences. Transputec is just one of many companies that now offer Cyber Security as a Service to companies as a software solution available on a licence basis.
Cyber security is routinely reported as the top concern keeping CEOs and CIOs awake at night. It should be, because the risk that such an event will ruin their business is very real. But now they have the ability, and the obligation, to do something about it.
Head of Cyber Security