Data Breaches Have Unforeseen Consequences 15:12, October 16, 2016

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Our Resources

Data Breaches Have Unforeseen Consequences

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Companies that fail to protect data can face consequences such as charges for engaging in unfair practices, falling profits, and the loss of customers’ trust. These are some common reasons why companies are making cybersecurity a top priority.

But data breaches can sometimes lead to unforeseen consequences. For instance, in July 2016 Verizon agreed to buy Yahoo for almost $5 billion. But just days after the agreement was announced, Yahoo disclosed that data associated with at least 500 million user accounts had been stolen.

Since then, media reports have speculated that Verizon is demanding a $1 billion discount on the purchase. Although Verizon hasn’t confirmed the reports, its CEO Lowell McAdam has said that the company is still trying to determine whether the breach had a “material impact” on Yahoo’s value.

Credit Union Blocks Wendy’s Transactions

In late 2015 and early 2016, over 1,000 Wendy’s franchises were affected by a point-of-sale (POS) malware attack that stole credit and debit card numbers, cardholder names, and other information.

Effective October 3, 2016, American 1 Credit Union decided to “temporarily decline” its credit and debit cards at all Wendy’s franchise locations, saying in a statement on its website that:

Wendy’s has not been able to successfully contain their data breach as of this time and, therefore, in order to protect our members’ accounts, all American 1 credit and debit cards cannot be used at any Wendy’s location until further notice.

The credit union’s CEO, David Puckett, said in a blog post that over 18,000 of the credit union’s 47,000 issued cards were compromised and that “[t]he amount of stolen money American 1 has already returned to its members is just shy of the amount returned in the Home Depot cyberattacks with additional disputes being resolved daily.”

Tracy Kitten, who writes about information security, was unsure about the effectiveness of the credit union’s move. But she applauded the credit union “for making a bold statement and bringing valid concerns about POS security to the public’s attention.”

Companies Must Make Hard Data Security Choices

As a New York Times story notes, organizations sometimes have to make hard choices about their data security: “To make computer systems more secure, a company often has to make its products slower and more difficult to use.”

Jeremy Kirk, who writes about information security, agrees, saying that “companies often have to make hard choices between security and convenience, and all of them set their own tolerance level for fraud.”

Even when companies make the right data security choices, they sometimes have to deal with insider negligence when employees are poorly trained or their actions aren’t monitored. For more information about data security awareness training, check out LawRoom’s white paper.

You might also be interested in...

  • Don’t “WannaCry”? Take Charge & Raise Cybersecurity AwarenessJune 1, 2017 Don’t “WannaCry”? Take Charge & Raise Cybersecurity Awareness If even the National Security Administration (N.S.A.) can have its secrets stolen and exploited, what about private companies that have profit (not data security and intelligence) as their prime directive? According to the New York Times, cybercriminals turned stolen N.S.A. hacking tools […] Posted in data security
  • Ransomware Holds Data HostageJuly 29, 2016 Ransomware Holds Data Hostage The US Department of Health and Human Services (HHS) states in a Fact Sheet on Ransomware and HIPAA that ransomware may result in a breach that must be disclosed under the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule. Ransomware is malware (malicious […] Posted in data security
Christine Day
Christine Day is a legal editor at EverFi. She writes about employment law issues and tracks case law and legislative and regulatory updates. Before joining EverFi she worked in legal publishing, researching and writing about tax law, business law, and employment law. She earned her JD from the University of San Diego Law School and her BA from the University of Southern California.

Leave a Reply

Leave a Reply

White Paper
Data Security training
for employees

  |   Download White Paper

 

Compliance Course Catalog
  |   Download Catalog