A Dangerous World
- Jerald Feinstein
- May 22, 2023

You need to know what's going on and why it's important to explain to your organization all the bad things that are happening. For-profit hackers are making billions selling your data, and nation-state-funded hackers are after your intellectual property . . . not to mention your customer information and the liability that is involved, as well as the new laws that can put you in jail. Understand that the vast majority of financial institutions do not report hacking, as it opens them up to more scrutiny and lowers stock price.
Read below to know what is going on, and understand this is only the tip of the iceberg. As some might say, "You're not in Kansas anymore." Call me if you have questions.
First American Financial Corp Data Leak
The US-based mortgage settlement and real estate financial services company First American Financial Corp faced one of the biggest hacks in history . . . 885 million files containing sensitive customer data were available on the dark web. Obviously, an adequate security strategy and plan were not funded. After something like this, there is a substantial turnover in management from the CEO down and very unhappy stockholders.
Quora Data Breach
Data on 100 million Quora users (50% of their user base) was stolen in one of the biggest hacker attacks on its internal systems; the attackers took usernames, email addresses, encrypted passwords, and data imported from linked networks, such as Facebook and Twitter. Thus, user account passwords, account information from all linked accounts, and identity information were put at risk, because people used the same, similar, and simple passwords instead of unique ones. Quora did not have a great plan for security, and that led to the breach.
Cambridge Analytica Scandal
Political consulting firm Cambridge Analytica illegally accessed the personal information of millions of Facebook users without their consent. This was due to sloppy access control in Facebook’s interface. Facebook faced widespread criticism and was fined $5 billion by the U.S. Federal Trade Commission for violating users’ privacy. Many employees were let go over this . . . unhappy stockholders and potential criminal charges . . . not great for job security or resumes.
Marriott International Data Theft
One of the largest penetrations in history was the Marriott Hotel data theft that exposed 500 million guest records, including passport details, driver’s licenses, credit cards, arrival-departure dates, and other sensitive personal information. Britain’s Information Commissioner’s Office fined the company 18.4 million pounds for violations. Again . . . limited planning . . . as they thought it was too expensive . . . again . . . angry stockholders . . . big turnover at the upper levels.
The University of California, Los Angeles Data Theft
UCLA suffered a huge data theft that exposed the personal information of approximately 4.5 million individuals. The data compromised in the theft included names, Social Security numbers, dates of birth, addresses, and medical information. Rumor had it that they never changed the default passwords on their servers because they assigned inexperienced students who came at no cost, and who had no understanding of computer security. What can I say?
Target Data Heist
Target, the place where many of us shop, suffered a substantial data breach that exposed the credit and debit card information of approximately 40 million customers. A sloppy network configuration allowing access to Target’s payment system caused the breach. Most importantly, Target knew there was a problem but failed to take action when warned a number of times concerning the absence of adequate system protection. Do you shop at Target? . . . I do. I also use a system that changes my password every three months. I can tell you why that's essential.
The Great Twitter Heist
As Elon Musk was purchasing Twitter in 2022, attackers penetrated Twitter’s weak security and sold 5.4 million users’ information on a hacking forum. In January 2023, attackers went after the crown jewels and further scraped 400 million users’ public and private data, selling it on the dark web. The security flaw left users, including high-profile celebrities, politicians, and activists, exposed to social engineering, targeted phishing attacks, and identity theft, among other actions that could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Did Elon fix the system? Did he fire those who caused the problem?
Exactis Break In
The Exactis data breach is yet another example of one of the largest hacks in history. Exactis is a marketing and data aggregation company that stores customer data for many organizations across many variables to target ads. It had stored nearly 2 TB of customer data on a publicly accessible cloud server . . . that is 2 trillion bytes, or a two with 12 zeros after it. This left data of 340 million customers, including 400 variables of personal characteristics, for sale on the dark web . . . was yours for sale? Who was taking care of computer security? Was this like driving on a curvy dirt road in the mountains with no headlights?
The Yahoo Fiasco
Over one billion Yahoo accounts were compromised, including names, DOBs, security questions, contact details, and passwords. Then, another 500 million accounts were hacked. Again, sloppy security, as the encryption used to protect the data was outdated and could be broken with ease. The tendency for people to reuse passwords and security questions has serious implications. If you ever had a Yahoo email account and never changed your password . . . big problem. If you changed to Gmail with the same password, the hack means someone could access your current email account. This is why identity theft is such a problem . . . be careful of who you trust.
The Heartland Payment System Credit Card Heist
Heartland is one of the world’s largest credit card payment processors, processing about 100 million monthly transactions for Visa, MasterCard, American Express, and Discover. Heartland’s system was compromised, and an estimated 180 million customer credit and debit card accounts were pirated, making it one of the largest credit card hacks in history. The attackers obtained enough data to produce physical credit cards for sale. Shareholders typically take care of the situation, and those responsible leave. Do not be in that line of fire.
The Big Equifax Robbery
One of the worst security breaches in history is the Equifax robbery. You know all the information Equifax has on you. The huge credit-reporting agency had several sloppy security incidents and lapses that enabled attackers to access sensitive PII (recall that PII is information that could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual): dates of birth, social security numbers, addresses, driver’s license numbers, etc., of over 143 million customers. This is information about you that could enable someone to steal your identity. The company spent 1.4 billion in recovery after this data breach, just because their computer security people were not paying attention and did not apply the required security updates and patches . . . not a smart career move. You might ask if your company liability insurance would cover such an incident. If your firm has that kind of insurance, and you filled out the application incorrectly, then you probably will not be covered. How many people were fired when stockholders got the 1.4 billion bill? Absolutely no job security when you don't think about computer security.
Colonial Pipeline Ransomware Attack
I'm sure you remember this one . . . Colonial Pipeline is an American fuel company that supplies fuel to a large section of the East Coast of the US. During the Mother’s Day weekend, attackers unleashed the DarkSide ransomware on the company, taking advantage of the upcoming holiday. This ransomware brought the company's IT systems to a grinding halt and led to the suspension of pipeline operations for an extended period. The halting of the operations caused a fuel shortage along the East Coast, which caused panic buying among retail consumers and flight rescheduling among airline consumers. Attackers demanded a ransom of 75 bitcoins in exchange for the decryption tool. The company had to oblige and pay the ransom to resume operations.
One of the main factors was a lack of proper security controls and protocols within Colonial Pipeline’s IT systems. The system had not been properly patched or updated.
A lack of preparedness and response planning by Colonial Pipeline created the nightmare scenario . . . they never thought they needed a computer emergency plan, so the company was initially slow to respond to the attack and struggled to contain the damage and restore operations. This led to significant disruption to the fuel supply chain in the southeastern United States and caused shortages and price increases at gas pumps. Think about this . . . would your firm know what to do if your computer systems were completely locked down? Who would you call? What do you say? You have fire drills . . . do you have computer network emergency drills? Does your firm have a backup emergency computer network . . . why not, since almost all have an emergency power and lighting backup system? How much would it cost your firm to be down for an hour . . . a day . . . a week . . . or longer . . . what is your plan for your firm’s continuity of operations for various emergencies?
Capital One Gets Reamed Out
The Capital One breach exposed customers’ sensitive personal, banking, and financial information, including Canadian social insurance and US social security numbers, loan applications, credit scores, credit limits, account balances, etc. This hack affected 100 million US and 6 million Canadian consumers, making it a major breach. The attacker, a former software engineer at Amazon Web Services (AWS), orchestrated this attack and stole 80,000 bank account numbers and 140,000 US social security numbers, apart from exposing sensitive information. While working at the company, the former AWS employee built a tool that could hack into and access many AWS accounts, including those belonging to Capital One. The breach was made possible by sloppy security practices at Capital One, as their firewalls were misconfigured.
Capital One was fined 80 million and paid 190 million in settling customer lawsuits. The former AWS employee was arrested and convicted of data breach crimes. Let's see, how did the 80 million plus 190 million bill to the stockholders work out? What do you think? No job security for the computer security types . . . what would you do?