Archive

Go to:

November 2017
SMTWTFS
1234
567891011
12131415161718
19202122232425
2627282930
< Oct Dec >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Yahoo's 2013 Data Breach Worse Than Previously Disclosed
Wednesday, October 4, 2017 6:30 AM

Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history, in a disclosure that attorneys said sharply increased the legal exposure of its new owner, Verizon Communications Inc.

Yahoo said last December that data from more than 1 billion accounts was compromised in 2013, the largest of a series of thefts that forced Yahoo to cut the price of its assets in a sale to Verizon. But Yahoo said on Tuesday “recently obtained new intelligence” showed all user accounts had been affected. The company said the investigation indicated that the stolen information did not include passwords in clear text, payment card data, or bank account information.

But the information was protected with outdated, easy-to-crack encryption, according to academic experts. It also included security questions and backup email addresses, which could make it easier to break into other accounts held by the users. The theft ranks as the largest to date, and a costly one for the internet pioneer.

“This is a bombshell,” said Mark Molumphy, lead counsel in a shareholder derivative lawsuit against Yahoo’s former leaders over disclosures about the hacks.

The company said it was sending email notifications to additional affected user accounts. The new revelation follows months of scrutiny by Yahoo, Verizon, cybersecurity firms and law enforcement that failed to identify the full scope of the 2013 hack.

The investigation underscores how difficult it was for companies to get ahead of hackers, even when they know their networks had been compromised, said David Kennedy, chief executive of cybersecurity firm TrustedSEC LLC. Companies often do not have systems in place to gather up and store all the network activity that investigators could use to follow the hackers’ tracks.

“This is a real wake up call,” Kennedy said. “In most guesses, it is just guessing what they had access to.”

Source: Reuters

Stop the Data BreachesWhen the news cycle reminds us about the next data breach, remember our Stop the Data Breaches campaign. Learn more about how we can work to prevent future data breaches and press members of our congressional delegations for a legislative solution. Consumers must have the ability to know if they have been compromised and have the tools to protect themselves.

______________________________________________________

Assess Your Systems and Manage Your Risk
Because October is Cyber Security Awareness Month, this is a good time for credit unions to review the systems they have in place to manage their risk.

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

Deanna Brown
469-385-6464
800-442-5762, ext. 6464
dbrown@curesources.coop

 
About Credit Union Resources Inc.

Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.