The biggest data breaches in business — and the costs
An overview of recent data breaches that hit the headlines
The impact of a data breach on major companies cannot be overstated. As well as the devastating effect it has on consumer confidence, the financial implications can be huge. Regulators around the world have been known to impose fines of hundreds of millions of dollars after sensitive information has been compromised. Here, we look at recent data breaches that hit the headlines.
To fully understand the effects of data breaches, it’s worth looking at the case of Equifax — the major credit reporting agency. The breach has been described as “one of the most serious” in America’s history, and it even led to the company’s former chief information officer being jailed for four months.
Hackers managed to access at least 147 million names and dates of birth, 209,000 card numbers along with their expiry dates, and approximately 145 million Social Security numbers. In terms of the impact of the data breach, which happened in 2017, America’s Federal Trade Commission announced in July 2019 that the embattled company had agreed to pay up to $700 million as part of an international settlement.
This is a record-breaking amount, in part because the company was accused of failing to take basic precautions that would have prevented the breach. Much of the fine will go towards identity theft services for Equifax customers who were directly affected — and the company has also pledged to offer six free credit reports to every American involved for seven years.
After the settlement, shares in Equifax actually increased somewhat modestly — perhaps because investors were relieved that the saga was over. That said, given the massive penalty, and the fact that once-paying customers will now get free credit reports for years to come, the fallout from this scandal will not go away any time soon. In September 2017 — when the impact of the data breach was disclosed by Equifax — share prices plunged by more than 25%.
The effects of data breaches are often felt worldwide. Equifax is a company with international reach — as is British Airways, which has customers across the globe thanks to its expansive network of long-haul flights.
In June 2018, hackers carried out a “sophisticated, malicious criminal attack” on its website. Again, inadequate security arrangements were found to have led to login details, card information and travel bookings being compromised. Victims were diverted to a fake website where the information of an estimated 500,000 people was harvested.
British Airways said it was “surprised and disappointed” when it received a record fine of $230 million. The reason why the penalty was so big is partially down to the introduction of the General Data Protection Regulation, also known as GDPR, in the European Union back in May 2018. In the most egregious of cases, a company can be fined up to 4% of its worldwide turnover — much bigger than the maximum of $625,000 that was possible before. It is worth noting that the penalty imposed on BA ended up being worth about 1.5% of its international revenue as of 2017.
The impact of the data breach, along with IT failures and pilot strikes, means BA has been having a miserable few years. Shares fell by about 0.8% in the immediate aftermath of the fine being imposed, which the airline said it would appeal. The real story potentially lies in the precipitous drop in BA’s share price after the data breach was publicized, as it plunged by more than 4% in the hours that followed.
Other recent data breaches include one at Uber — another company that has been battling scandals on multiple fronts. The ride-hailing giant has faced controversies surrounding allegations of sexual harassment, and claims that it aggressively shut down the competition, denied its workers crucial rights, and compromised passenger safety.
In September 2018, it was fined $148 million after a cyberattack compromised the data of an estimated 57 million of its customers and drivers. When it came to this case, it could be said that the cover-up was worse than the crime. This breach actually happened in 2016 — with Uber paying the hackers responsible $100,000 to delete the data they had illegally acquired. Details of what happened were only disclosed a year later, prompting the young company to admit that it could and should have been more transparent.
This incident actually came before Uber’s initial public offering, meaning we cannot tell what impact the breach would have had on its share price.
So… what have we learned?
In short, data breaches are expensive — especially considering tougher laws have been introduced in recent years. Regulators clearly hope these high fines will make companies redouble their efforts to keep customer information safe. That said, it’s fair to say that further cyberattacks will be nothing short of inevitable in the years to come.