InfoArmour, a firm who sampled some of the stolen data with The Wall Street Journal, recently questioned Yahoo’s claims of a state-sponsored attack by suggesting all the evidence points towards a known criminal gang.” Interesting to note that Yahoo delayed the announcement of the breach by two years.

This story demonstrates why organizations need to implement tighter security measures and be vigilant of their data security policies

In late September, Yahoo announced that at least 500 million user accounts had been compromised. The data stolen included users’ names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data. Large data breaches have become increasingly common: Just in 2016 we have found out about Yahoo’s breach as well as the LinkedIn hack (compromising 167 million accounts) and the MySpace breach (360 million accounts).

When personal information is stolen, rapid response is important. Customers need to change their passwords, and take other steps to protect their identity, including securing bank accounts and credit records. If people don’t know a breach has occurred and that they need to take these protective steps, they remain vulnerable.