Notable Data Breaches and How To Protect Your Company
April 23, 2024
Electric reports that the projected cost of cybercrime to the global economy by 2025 is $10.5 trillion, a 15 percent increase over this year. It discusses some notable data breaches at companies large and small in 2023-24, their causes, impacts, and what you should do to protect your company.
The September 2023 cyberattack on MGM Resorts International is on the list. It cost MGM an estimated $80 million in revenue over five days. Key takeaways for businesses from the attack include the importance of incident response plans, employee training (social engineering played a role in the breach), third-party risk management, and layered cybersecurity defenses.
In March 2024, American Express customers were notified of a potential breach of their data. The company’s internal systems weren’t implicated. It stemmed from unauthorized access to a third-party merchant processor. Users of American Express services were encouraged to enable real-time notifications to alert them to unusual purchases or transactions. Names, account numbers, and card details were likely compromised.
Another March 2024 attack yielded usernames and passwords belonging to customers of the streaming platform Roku, which is used by 80 million customers. Electric says the attack highlights the dangers of password reuse across multiple platforms. Roku customers were locked out of their accounts and attackers attempted to fraudulently purchase streaming subscriptions.
What Electric calls the Mother of All Breaches was discovered in January 2024. It is a leaked compilation of 12 terabytes of information and 26 billion records including data from previous breaches and leaks, and potentially featuring new, unpublished information.
The leaked data includes usernames, passwords, and sensitive information from many sources, including LinkedIn, Twitter, and MySpace to name a few, and government sites. Some of the data is probably outdated, but cybersecurity experts say the risk of credential stuffing, phishing schemes, and unauthorized account access is substantial.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.