Was this always happening in this big scope? Leaks of games, data that is stolen, all these breaches in big companies. Feels like I see this everyday
I’ve been exposed so many times throughout the years, the mails were automatically moved to the spam folder.
We’ve gotten better at reporting them
Still a very small subset of the data breaches out there.
Think about it.
Start with the total amount of data breaches. Narrow that further to the data beaches that someone noticed. Narrow that further to the data breaches they reported. Narrow further to the ones that you have heard about.
What you know about it is a trailing indicator of the total incidences.
We’ve gotten better at reporting them
Close. There are more laws requiring reporting within certain timeframes. Few companies report when they are not forced to.
IMHO, the biggest recent change is visibility to breach notifications. The notifications have been going out in many places for over a decade, but now there are lots of products that easily expose that information to people and the media.
Cyber security guy here.
Consider a large organization with a lot to lose. They usually invest proactively in a Cyber security program.
Now consider all these companies with data breaches. They were tiny startups with nothing to lose. No reason to consider an investment in cyber security best practices. Their modus operandi was quickly pushing the product to market so that the $ could start coming in.
Thank you for all the answers and also tips
…time to live in the woods :D
Some companies have found that leaks create hype, especially for games. League of Legends is infamously known to get everything leaked, probably on purpose. Until players get fed up with it, at least.
The GDPR enforces that data breaches are made public, so you may have seen a rise in publicly known breaches, starting in 2018.
Many companies in the US have been reporting their breaches since the early 2010’s. All 50 states have some sort of breach notification law on the books.
I have no hard data, but from being in the industry + reading the news, my impression has been that the number of known data breaches went up significantly, even for US companies. Is the punishment maybe just completely laughable in those US laws?
That was the case here in Germany. The GDPR is heavily inspired by our data protection law (BDSG), that we had in place since the 90s. With a significant amendment, which is that punishment went up from at most 300,000€ to 20 billion € (and even more for big companies).
For many companies, this was when they realized, they actually have to adhere to data protection laws. Suddenly, we had non-IT companies reporting data breaches, which was essentially not a thing beforehand.Statista has an interesting break down of US breaches over the past two decades. Unfortunately I’m having a hard time finding this type of break down for other nations.
It’s the new normal.
i mean, are there ever consequences to the companies? how often does it actually affect their bottom line?
it keeps happening because companies doing very little to stop it because they have little incentive to.
any system or network is only as strong as its weakest component - in many cases, people are the weakest component.
I’d say that some time ago there weren’t that many leaks because not so much data was stored. But sites were modified to show spam and such.
Ashley Madison
Equifax
23 and Me
those are the only ones I know off the top of my head because those are the ones that affected me. (my ex-husband was on the AM list; I was affected by the Equifax breach; my daughter was affected by the 23 and me breach)
The 23 and me stuff is expecially scary. It is bad enough giving out genetic information to a company. It is even worse when that information is stolen.
Anyone interested in using a gentic ancestry service should read the book Genethics by David Suzuki & Peter Knudtson first. TLDR if a big enough genetic data bank is aquired by the wrong hands, discriminatory practices could increase significantly in job interviews, health insurance and other sectors. Chemical warfare could also be specifically tuned to specific genetic groups.
My mortgage company had a breach and I saw three articles about three different companies having breachs. That and I think OP is also talking about the video game code leaks.
As someone in the thick of it, it has been a nervewracking quarter for mortgage company IT and Infosec teams. There have been several very high profile breaches the last few months.
Yeah like kinda everything. Wasn’t sure if it’s just more reports. In the end it’s a mix of all the systems.
I thought i missed something. But all you folk’s provided good information for me and i am thankful for this
Ooo. Really sorry to hear about your husband doing that. :-(
No problem. I thought it was hilarious.
And I didn’t say husband. I clearly said ex-husband.
I think they assumed it was “husband” at the time, and only ex husband after the AM leak.
deleted by creator
Also mint mobile recently but yeah data = money. Had to search up Ashley Madison and I’m sorry you went through that
Yes—it’s why you should use a password manager to generate a unique password for each and every site you sign up for, and think long and hard before trusting any site (or any org for that matter) with your personal information.
Haveibeenpwned.com is a website for checking which sites have leaked your data.
Make sure it’s an offline password manager. It’s a really bad idea to allow your password database to be stored on someone else’s server.
LastPass had a breach recently too
I think Bitwarden and Keypass are the good recommendations. Both can be kept local or selhosted.
If you’re coming from LastPass and want something basically 1:1 similar (ex. Don’t want to set up local / self hosted), Bitwarden is an easy switch
Data is worth money. If your bank left the back door open all the time, I’m sure people would walk in and steal money. Same thing.
My personal opinion: those hackers are probably not that clever nor smart, it’s just that companies doesn’t often properly follows security best practices despite storing plenty amount of sensitive information.
