In today’s digital world, all businesses have technology integrated into their processes more than ever. Technology provides them with a number of opportunities and benefits from better data management to increased productivity and many marketing options. In fact, even today’s consumers expect businesses to go digital or go home. According to a 2019 report from the Spiceworks State of IT, businesses are investing in technology for the following reasons: 52% invest in technology for business growth, 47% make the investments to support the needs of their customers, and 46% do it to improve their ability to meet project needs. That being said, there is no surprise that technology is here to stay in the business landscape.
However, with the implementation of technology in the business scene, all companies are facing a new type of risk: cyberattacks. All businesses, regardless of their industry or size, are targeted by hackers. The cybersecurity experts from Cytelligence explain that” Cybersecurity is often seen as one of those big issues that only large entities such as banks or tech companies have to worry about. However, any successful cybersecurity breach can destroy an entire company no matter its size.” In fact, according to SmallBizGenius, almost half of all small businesses were the victims of at least one cyberattack last year. Moreover, according to 2018 data from Statista, most common cyber-attacks experienced by US companies included phishing, network intrusion, stolen device or records, and inadvertent disclosure.
That being said, let’s take a look at the cyberattack experiences of 4 reputable companies that cost them a lot in terms of money and lost customers:
1. eBay, May 2014
In 2014, the online auction giant has experienced a massive cyberattack that had tremendous consequences including exposing all personal data and encrypted passwords of all its 145 million users at that time. According to the eBay representatives, the hackers who attacked the company succeeded to access the user database using the authorizations of three of the company’s employees. Luckily, the cyberattack did not have financial consequences for the company’s budget as the hackers didn’t manage to compromise any financial information or its payments unit PayPal. However, it did cost the company a lot since, as a result, the company’s security practices were investigated by at least three US states and the company itself has also spent a lot of money hiring several security firms to help it avoid a similar situation in the future.
2. Tesco Bank, November 2016
The cyberattack that affected Tesco Bank company in November 2016 has nearly left the company close to bankruptcy. Compared with the attack that affected eBay, the hackers that attacked Tesco Bank have put the company in the position of reimbursing a surprising number of £2.5m to over 9.000 of their customers. It seems that the hackers managed to find a weakness in the mobile banking app of the company which helped them compromise the company’s financial services entity. The attack has started with sending automatic text messages to the company’s customers asking them to contact the company for more information about a “suspicious activity” on their accounts. Obviously, as the calls have started to happen, the company’s fraud prevention line was quickly overwhelmed.
However, the company was prompt to take control of the attack and to minimize the damages as it has managed to stop about 80% of the unauthorized transaction. However, the damage the hackers have caused managed to affect 8.261 personal accounts of the company’s customers. Apart from the financial damages that the hackers managed to create, the Financial Conduct Authority has also made the bank pay a £16.4m fine as the company failed to protect their customers’ data and money.
3. Yahoo, July and December 2016
The data breach that affected Yahoo is certainly worth mentioning as it was a big-time cyber-attack that bought a number of consequences over the company. It seems like Yahoo keeps on experiencing several cyberattacks and the company often takes a while before reporting them to its users. The attack which took place on July 2016 was discovered and reported by the company in December when it has been found that a broker was selling the names and password accounts of about 200 million users. Yahoo also suffered a massive attack in 2014 in the UK when more than 500 million users were affected by the data breach. The 2014 attack has led to an investigation from the Information Commissioner Office which resulted in a $335,000 fine for Yahoo company.
4. Facebook, September 2018
Another big-time cyberattack, certainly worth mentioning is the one that affected Facebook company resulting in compromising highly sensitive data such as locations, contact details, relationships status, and even the devices used by users to log in. With such an impressive number of users, it is unbelievable that Facebook didn’t invest more in cybersecurity as the company was clearly one of the most interesting targets for hackers. The company reported that a security hole has allowed the hackers to access so many accounts of its users. Facebook also explained that the hackers have stolen tokens, which are the digital keys that allow users to log in without entering their passwords, from 50 million accounts. Obviously, after stealing the tokens, the hackers had obtained full control over the accounts of Facebook users including all their private information, photos, and messages.
After the attack, when the company has determined what has caused the massive data breach, Facebook has reset the login details for about 90 million users as a security precaution. Apart from the 50 million users whose accounts have already been compromised by the attack, Facebook also logged out 40 million users from their accounts because they have used the “View as” feature which was one of the security holes that allowed hackers in. There are a number of reasons why hackers decide to target a certain company. While some hackers do it for money, others even do it just because they can. So, no matter the size or the industry, all companies are at risk of cyber-attacks.