Two Famous Security Breaches
1st Given Name Surname
dept. name of organization (of Affiliation)
name of organization (of Affiliation)
line 4: City, Country
email address or ORCID
uu
Department of Computer Science
Bowie State University
Bowie, MD USA
Abstract—Most organization are rarely immune to data and security breaches due to inadequate regulatory stances. Security breaches are becoming a common occurrence when dealing with customer information. A need for proactive solutions is required. The following note highlights two impactful data breaches that have taken place in the 21st Century and the risk they posed to both the company and the consumer. The note acts as a research into dynamic world of data protection and mitigation from risks and losses.
Keywords— data breach, privacy, information, training, customer, security
I. INTRODUCTION
Incidents that resuts in unauthorized access of computer data, network, devices and applications are on the rise across the United States. This incidents are what constitute data or security breaches. The result and effects of such unauthorized access is that a lot of information ends up being leaked and accessed by third parties for purposes of marketing or financial fraud on people without their authorization. Millions of Americans fall victim fo such attacks. For the organization the effects are even dire. In most cases, data and security breaches work to break the organization’s business and reputation. Some of the more targetted data include the financial and personal information such as name, address, Social Security Numbers, and dates of birth, bank routing numbers among other personal information.
Researchers identify that the phenomenon is on the rise across the United States stating that in 2017, the Ponemon Institute estimated a total of 130 successful breaches per major company, which was a 27% rise from the previous year representing a total of $11.7 million per company putting a total of 16.7 million US citizens at risk and stealing nearly $16.8 billion dollars [1]. This essenrially makes cyber crime a prominent form of crime that the governemnt and regulators need to address and mitigate to prevent further loss of data. The following report highlights the nature of the security or data breaches that were prominent within the US economic sector. Data and Security breaches within companies open consumers and customers of various organizations to prey; at the same time it presents organizations to costly litigation while compromising their business models.
II. PREVALENCE OF SECURITY BREACHES IN THE US
With the prevalence of internet connectivity in the US security breach are on the rise. Another factor playing a role in increased data loss is the decreased regulatory measures in place to prefect corporation and mitigate security losses. As such data breach are becoming an inevitable occurrence within the United States. Corporate data breach accounted for 35% of all security breach experienced in 2005 accounting for $56 billion [2]. Security breaches within organizations generally occur when personally identifiable information is lost or becomes maliciously stolen. The process is irreversible and present dire consequences for the customers who trusted the institutions with their data. It is even more dire in cases of credit financial information where the average citizen cannot “opt out” as it is needed for them to be included within the national financial rating. Research indicate that in most financial institutions consumers have little option over how their data is used as soon as they sign up [1]. This presents an even dire situation for them as they are at most risk of loss in the event of an attack. Many of the data breaches went undetected since as early as 1996. Generally, there are a lot of inadequacies that persist within the data and security management sector after the breach has occurred. From as early as 2003, local, and state governments have resorted to informing most of the victims only after the event has occurred and nothing more. This is done as a way to mitigate them from potential litigations and keep the civilian base on high alert [3]. There is need for more to be done to prevent data breaches across the US. Nonetheless, security breaches are on the rise. FBI director Robert Mueller identified that in such attacks at the moment there are only two types of parties those who have been hacked and those who are still potential victims, giving the implication that this is a practice on the rise [1]. This further supports an idea that security breaches are constantly on the rise and companies and regulatory agencies need to create more measures to protect the civilians and organizations from data breaches.
III. EQUIFAX SECURITY BREACH
On September, 7th 2017, Equifax declared that it had experienced a security breach. Equifax is a credit reporting agency with millions of Americans credit and financial ranking data. In its memo, it identified that the attack potentially compromised data for 143 million americans this represented slightly nearly 44% of the total american population [1]. Making the breach one of the largest and most impactful ones in the 21st century. The company had already cited possibility fo attack including the fact that in March of the same year its CEO, Richard Smith had already highlighted a bug in its system and blamed a single individual for the inadequacy [1]. The attack targetted its database with numerous of credit information. The attack was prominent and very critical because majority of the people targetted had no way to mitigate their information from being utilized by thrid party agents. Following the attack security litigation are marred by numerous obstacles.
IV. SONY PICTURES ENTERTAINMENT SECURITY BREACH
This is an attack that took place on November 24 2014. Hackers breached into Sony Entertainment security system and compromised employee data. This was done by accessing their workplace network. Research indicates that some of the more important information that was lost include home addrsses of the Sony employee data, social security numbers, birth dates, job titles, medical information, tax records, visas, salaries, bonus plans, termination plans, amoing other personal information [3]. The attack with Sony were important and very critical since the attacks been announced in advanced by the hackers who kept threatening the company that they would attack and compromise their network. Secondly, research identifies that Soy’s employees took the company to court and introduced a lawsuit as a result of the attack.
V. CONSEQUENCES OF THE ATTACKS
Most of the companies know and have been given credible information of the impending attacks way before it occurs. Sony employees identified in their lawsuit that Sony had been informed about the potential result of such an unprecedented attack two decades before the attack took place [3]. While the lawsuits are publicized they rarely achieve justified ends for the parties that have been affected by the loss. According to researchers, most of the parties that are affected are needed to show injury and for their injuries to be traced to a source [1]. In the case that they fail to provide this the cases rarely find justified ends for the victims. This is more important within the health sector. Within the health sector some important discoveries had been made on the consequences for such attacks. Hospitality quality and health services have been recorded to depreciate overtime after a security breach has been conducted on hospital services. When customer data is leaked quality of care for patient and customer becomes compromised as most of them are opened to continued fraud as such, the company becomes less susceptible to ensure their well being [4]. This presents a very dangerous presedence for consumers who are required to provide their data for various financial and health reasona within various organizations.
VI. CONCLUSION
Security breach are on the rise and the corporate sector accounts for a significant number of the total amount of breach expereinced across the United States. Some of the two most significant attacks include an attack on a credit finance company Equifax and the Sony Pictures Entertainment company. In both cases, the customers and employees faced significant damages as htheir personal information was lost. They were opened to a variety of financial risk, personal identification risks. Additionally rarely were the culprits founds making it even harder to recover from the losses experienced. More needs to be done to prevent future attacks.
REFERENCES
[1] MARCUS, DANIEL J. “The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information.” Duke Law Journal, vol. 68, no. 3, Dec. 2018, pp. 556–593. EBSCOhost, search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=133418287&site=ehost-live&scope=site (references)
[2] Romanosky, S., Telang, R., & Acquisti, A. (2011). Do Data Breach Disclosure Laws Reduce Identity Theft? Journal of Policy Analysis and Management, 30(2), 256-286. Retrieved October 14, 2020, from http://www.jstor.org.idm.oclc.org/stable/23018983
[3] Barbanell, J. (2015). Needing A New Approach to Address Employee Data Breaches in the American Workplace. Journal of Law & Cyber Warfare, 4(3), 43-115. Retrieved October 14, 2020, from http://www.jstor.org.sbcc.idm.oclc.org/stable/26441258.
[4] Choi SJ, Johnson ME, Lehmann CU. Data breach remediation efforts and their implications for hospital quality. Health Services Research [Internet]. 2019 Oct [cited 2020 Oct 14];54(5):971–80. Available from: https://search-ebscohost-com.sbcc.idm.oclc.org/login.aspx?direct=true&db=a9h&AN=138541127&site=ehost-live&scope=site. .
