The tech headlines in 2020 are dominated by news of virtual conferencing and learning and a surge in e-commerce. Safety and security is all about COVID-19 protocols to limit person-to-person contact and sanitize the workplace. But what may be underreported is that data breaches and security hacks are still a serious threat to every business. A look at several of the top instances of cyber theft and unauthorized access is a vivid reminder that computer security is still a top priority.
January through May Breaches
Legacy technology companies like Microsoft may be thought of as immune from cyber attacks. But even they are susceptible. In January, Microsoft revealed that it had experienced a data breach within one of its customer support databases, and approximately 250 million pieces of private data were exposed. Two months later, the consumer beauty products giant Estée Lauder became another victim of a significant breach involving more than 400 million compromised records. By March of 2020, T-Mobile announced that it, too, was hacked and that customer and employee data such as account numbers, phone numbers, and billing information may have been stolen. Marriott also disclosed a data breach that impacted more than five million of its customers and/or employees.
Millions of Records Exposed to Criminals
One of the more extraordinary events involved a brazen hack by cyber thieves that likely embarrassed the U.S. Marshals Service, which is typically feared by criminals. In May, the law enforcement agency revealed that breach, which happened right before New Year’s Eve. Data that may have been compromised included Social Security numbers. Another government entity, the U.S. Small Business Administration (SBA), said it was hacked in April just as business owners nationwide applied for emergency SBA COVID-19 loans. About 8,000 loan applications were affected, and it’s possible that the applicants’ Social Security numbers were exposed.
The Legal Cost of Vulnerability
Not only are victims of hacks subject to identity theft, but businesses may be held liable if their websites, payment systems, servers, or data banks lack proper security. Wichita State University was sued in March, after a breach exposed data including Social Security numbers. The lawsuit alleged that the institution failed to pay for security measures and was negligent in storing sensitive data. The accounting firm BST & Company, a ransomware attack victim, also faces a lawsuit filed in late May that alleges inadequate computer security. In May, the easyJet airline was hit by a cyber attack, and now easyJet is dealing with a class action lawsuit that could cost it close to $22 billion.
Prudent Measures and Best Practices
The first six months of 2020 saw data breaches that exposed more than 3.2 million records. That’s why security experts strongly advise taking proactive steps. Those include following PCI compliance guidelines, vetting vendors and technology partners to ensure they have robust security, and training employees in best practices. Measures taken should cover both on-site computer systems as well as e-commerce sites, and extend to employee laptops and phones if they contain any sensitive company or customer data. The good news is that by adhering to basic safety protocols, businesses of all sizes can potentially reduce and safely manage their risk of exposure to cyber crimes.