Yahoo! has indicated that significantly more people may have been affected by the data breach reported last December than first thought and that all user accounts may have been affected by the August 2013 theft. That’s all three billion user accounts and up from the one billion figure Yahoo initially reported. Since disclosing the hack, Yahoo had continued to add to the total number of accounts compromised, but this announcement makes it clear that if you had a Yahoo email account, you were definitely part of the breach. This includes an estimated 8 million UK user accounts.
The news comes four months after Yahoo was acquired by Verizon Communications (under a new division named Oath) for $4.48 billion — down $350 million from the initial offer due to the severity of the hacks.
Elizabeth Denham, UK Information Commissioner said
“It is very disappointing to see the company is apparently still uncovering additional problems despite the length of time since the breach occurred.
We are talking to Yahoo! and have advised them to contact all customers affected as soon as possible.
We continue to investigate alongside the relevant international authorities to ensure the data protection interests of UK customers are considered.”
What can your business do to help prevent a data breach like Yahoo?
- Be Cyber Streetwise: A cross-government campaign which provides SMEs with cyber security guidance and resources: http://www.cyberstreetwise.com
- Cyber Essentials: A government scheme which outlines the basic cyber protections that should be taken by your organisation. Upon completing the requirements, your organisation becomes eligible to apply for government accreditation: http://www.cyber-essentials-scheme.co.uk/
- Mobile device guidelines: One-third of all reported UK cyber security incidents were due to mobile devices being exploited. Develop guidelines on whether employees can use their personal mobile devices and what precautions they need to take in order to safely use their devices.
- Staff training: In the past year, three-quarters of security breaches were the result of human error. For that reason, properly train your staff on identifying and managing cyber threats. The government offers bespoke courses which can be found at http://www.nationalarchives.gov.uk/sme
Did you know that your cyber cover may be useless if your employees hack your data?
Legal experts are warning that businesses’ cyber cover may be invalidated by insurers if employees hack company data. Most standard cyber and data protection policies only provide cover for first- and third-party liabilities, which means that your company may not be covered for incidents that result from deliberate or criminal behaviour by an employee.
If you are unsure, please contact A-Plan’s commercial team to ask about the limits of your cyber liability policy.