Data Breaches Have Unforeseen Consequences
Companies that fail to protect data can face consequences such as charges for engaging in unfair practices, falling profits, and the loss of customers’ trust. These are some common reasons why companies are making cybersecurity a top priority.
But data breaches can sometimes lead to unforeseen consequences. For instance, in July 2016 Verizon agreed to buy Yahoo for almost $5 billion. But just days after the agreement was announced, Yahoo disclosed that data associated with at least 500 million user accounts had been stolen.
Since then, media reports have speculated that Verizon is demanding a $1 billion discount on the purchase. Although Verizon hasn’t confirmed the reports, its CEO Lowell McAdam has said that the company is still trying to determine whether the breach had a “material impact” on Yahoo’s value.
Credit Union Blocks Wendy’s Transactions
Effective October 3, 2016, American 1 Credit Union decided to “temporarily decline” its credit and debit cards at all Wendy’s franchise locations, saying in a statement on its website that:
Wendy’s has not been able to successfully contain their data breach as of this time and, therefore, in order to protect our members’ accounts, all American 1 credit and debit cards cannot be used at any Wendy’s location until further notice.
The credit union’s CEO, David Puckett, said in a blog post that over 18,000 of the credit union’s 47,000 issued cards were compromised and that “[t]he amount of stolen money American 1 has already returned to its members is just shy of the amount returned in the Home Depot cyberattacks with additional disputes being resolved daily.”
Tracy Kitten, who writes about information security, was unsure about the effectiveness of the credit union’s move. But she applauded the credit union “for making a bold statement and bringing valid concerns about POS security to the public’s attention.”
Companies Must Make Hard Data Security Choices
As a New York Times story notes, organizations sometimes have to make hard choices about their data security: “To make computer systems more secure, a company often has to make its products slower and more difficult to use.”
Jeremy Kirk, who writes about information security, agrees, saying that “companies often have to make hard choices between security and convenience, and all of them set their own tolerance level for fraud.”
Even when companies make the right data security choices, they sometimes have to deal with insider negligence when employees are poorly trained or their actions aren’t monitored. For more information about data security awareness training, check out LawRoom’s white paper.