Yahoo Data Breach – what are the ramifications

InfoArmour, a firm who sampled some of the stolen data with The Wall Street Journal, recently questioned Yahoo’s claims of a state-sponsored attack by suggesting all the evidence points towards a known criminal gang.” Interesting to note that Yahoo delayed the announcement of the breach by two years.

This story demonstrates why organizations need to implement tighter security measures and be vigilant of their data security policies

security3

In late September, Yahoo announced that at least 500 million user accounts had been compromised. The data stolen included users’ names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data. Large data breaches have become increasingly common: Just in 2016 we have found out about Yahoo’s breach as well as the LinkedIn hack (compromising 167 million accounts) and the MySpace breach (360 million accounts).

When personal information is stolen, rapid response is important. Customers need to change their passwords, and take other steps to protect their identity, including securing bank accounts and credit records. If people don’t know a breach has occurred and that they need to take these protective steps, they remain vulnerable.

Information Request

 

Canadian Data Breaches in 2015

Ashley Madison – 30 million records exposed from the dating site, a $578 million class action suit filed against parent Avid Life Media.

Professional Engineers and Geoscientists of Alberta – yielded members’ names, email addresses and association ID numbers.

A Calgary wine store had to pay $500 in Bitcoin to meet a ransomware demand or lose access to its database.
data-breach-numbersA Rogers Communications staffer was the victim of a phishing attack that led to the loss of a “small number” of business agreements, which included business name, address, phone number and pricing details of the corporate customers.

Ontario’s Education ministry acknowledged that 5,000 unencrypted email addresses of people who had left contact information on a site looking a workshop were exposed.

A Toronto luxury hotel managed by one of Donald Trump’s companies was one of seven in a chain hit by POS malware. An unknown number of customers have been warned that payment card account number, card expiration date and security code may have been copied.

Symantec said four unnamed Canadian firms were among 49 organizations in more than 20 countries hit by a group looking not for credit card information but corporate data and intellectual property.

Approximately 2,200 of General Motors Finance customers was “inappropriately accessed” by a former employee which may have been used to create phoney identification.

Records of nearly 30 University of Calgary employees were been fraudulently accessed.

Information Request

Data Wiping – Is your data really gone?

When you delete your files, empty your recycle bin, or clear your internet history, your data isn’t really gone. In fact with freely available tools you can fully recover all deleted data. This means your business, customer and employee data can be recovered by virtually anyone. When you delete files, all that happens is your operating system removes the reference to your file from its internal directory but the file remains there.

A common practice by corporations is to reformat or wipe the hard drives on obsolete or unused computers then sell or give these assets to employees, donate to charities or pass them on to a recycler.

devices

Data can be recovered from ANY STORAGE MEDIUM with free, internet programs. How much is your data worth?

Ensure piece of mind and protect your data after devices have reached end of life by having them destroyed by a NAID Certified Data Destruction Facility!

Information Request

Data Breach – What’s the Impact on your business?

According to the results of a recent Alertsec survey of 1,200 U.S. residents, 97 percent of respondents said data breaches “unsettle” them and result in negative brand perception.

Almost a third (29 percent) of respondents said it would take them several months to begin trusting a company again following a data breach.Thirty-five percent of respondents said a data breach reflects sloppiness, 32 percent said it reflects a lack of professionalism, and 26 percent said it makes a company a target for lawsuits.

target

 

How long could your business survive a Data Breach? One week, one month or maybe a year. The best way to survive a data breach is to prevent it.

Modern electronic data storage devices are extremely resilient, and data recovery techniques and technology are highly advanced. Data are routinely recovered from media which have been burned, crushed, submerged in water, or impacted from great heights. In effect, it really is quite difficult to permanently get rid of data, but the permanent and irreversible destruction of data is a cornerstone of protecting the privacy and security of business, customer and employee records. Data destruction encompasses a wide variety of media. The choice of destruction methodology should be based on the risk posed by the sensitivity of the data being destroyed and the potential impact of unauthorized disclosure.

shread

The ONLY way to prevent data from being recovered from your storage assets is DESTRUCTION.

Information Request

Insider negligence is the biggest cause of data breaches!

According to a Ponemon Institute survey customers and employees lose faith in organizations that can’t keep business and personal data safe – the impact? They take their business elsewhere. It is estimated that data breaches cost companies on average $6.6 million per breach! The highest reported breach cost one business a record $32 million dollars. The report goes on to state that “organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training.”

security3

While many breaches do originate with outsourcing companies, contractors, consultants, and business partners this however only accounts for 44% of the breach total. It is insider negligence that’s the biggest cause of breaches. According to the Ponemon, more than 88% of the breaches arose from an insider’s mistakes.

While a significant amount of breaches are a result of poor data handling practices such as the storage of company on employees personal computers and tablets whether done locally at the business offices or remotely, the storage of business information on transportable media such a CD’s and USB sticks or the emailing of business information to third parties, customers or other employees that may be saved at their locations.

Data should be appropriately managed across the entire data lifecycle, from capture or creation to destruction. Planning for data destruction should be an integral part of any quality data management program.

1

Does your company have a Data Destruction Plan?

Information Request

Put Your Mind At Ease With Absolute Data Destruction

Absolute Data Destruction is a NAID Certified facility specializing in the secure destruction of digital data devices such as SSD, Hard Drives, Smartphones, USB and SD Memory. Tape and other digital media. Absolute Data Destruction’s sole purpose is to facilitate the permanent destruction of personal and corporate data devices using a “zero landfill” shredding process.

imagesexport_page_3_image_0003

Simply deleting or reformatting does not insure that confidential documents and information is no longer accessible. Absolute Data Destruction removes all traces of your information – corporate and personal data no matter what device it is stored on hard drive.  At Absolute Data our team delivers results and guarantees that the data you want destroyed will never be leaked or recovered again – We Guarantee It!.

Absolute Data Destruction issues a Certificate of Destruction identifying every individual asset destroyed by Serial Number.

Contact us for more information.

Information Request

8-9-2016-3-08-54-pm

50 Leading Road Unit # 5 Toronto, Ontario M9V 4B5

Phone: (416) 742-7444

Fax: (416) 742-7411

e-mail: contact@absolutedatadestruction.ca