European regulators have rightly ordered big changes after the monumental Yahoo data breach that was revealed in 2016, having taken place two years earlier.
Some 500 million Yahoo user accounts were hacked, including around 39m belonging to European users, making it the largest single data breach ever to affect Europe. The information taken in the Yahoo data breach included names, email addresses, telephone numbers, birth dates and passwords.
European regulators have demanded that big changes be made to prevent an incident of this size and nature from ever happening again.
Changes demanded as a result of the Yahoo data breach
The vital changes demanded as a result of the Yahoo data breach centre on the processes and procedures Yahoo must now have in place to ensure that the data it holds is safe and secure. Its previous practices were judged to have fallen short of the standards expected under EU law, and it must now ensure that all of its data protection policies are updated and refined to adhere to the relevant legislation.
Ultimately, this was a mega breach that should never happen again.
Have lessons been learned after the Yahoo data breach?
You could argue that lessons have not been fully learned in the aftermath of the Yahoo data breach that was discovered in 2016. There have been a number of huge data breaches since then, two of the most prominent being the Equifax data breach we’re helping people with and the massive Dixons Carphone data breach of last year that was only reported this year.
If lessons had been learned from others who suffered such huge data breaches, how is it acceptable that breaches of this size have occurred since, particularly given that they were preventable?
We also have the NHS at risk from old systems and servers that are not up to effectively defending against new and evolving attacks. The WannaCry attack of last year was a clear testament to this fact.
GDPR and the Yahoo data breach
With the Yahoo data breach having come to light in 2016, Yahoo may want to consider itself incredibly fortunate that this preceded the new GDPR that came into force this May. The punishment could have meant paying a fine in the region of £17m or 4% of Yahoo’s global annual turnover.
This would have been a proper punishment for what was a preventable data breach that affected a monumental number of people.
We’re hopeful that the threat of the new fines is enough to push organisations into shaping up their cybersecurity and data breach prevention efforts, but the real impact of GDPR may only be felt when the first organisation pays a huge fine as a result of a breach. The recent Ticketmaster data breach we’ve started an action for may well be the first to see a huge fine imposed, given that it was entirely preventable and took place after the GDPR deadline.