IT Reshoring News

October 07, 2016

Yahoo’s Breach of Trust

Yahoo's recent hack, and their very delayed announcement of it, is a scary example of what can happen when you offshore your IT. Data security is important for all of us.

Today’s Reshoring News isn’t strictly about companies who’ve sent their IT offshore.  But it is a scary example of the security risks offshoring your IT can present.

Yahoo announced recently that it had a data breach.  It caused an uproar—but not just because the breach put millions of users’ data in jeopardy.  People are upset because Yahoo waited 18 MONTHS to announce the breach!

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected – SC Magazine

That’s over a year-and-a-half that Yahoo waited to inform users that they had been affected.

Hemant Bhargava, Professor of Technology Management at UC Davis, pegs the breach’s liability cost at between $25 and $200 per user.  That might seem small, until you realize that we’re looking at 500 million users affected!

During the announcement, Yahoo recommended that users change their passwords and use caution when opening suspicious links moving forward. 

Now, changing your password is always a good practice.  We recommend doing so at least a few times per year.

However, changing the password on an account that has been compromised for two years won’t undo the damage already done.  Think of it like this:

Firefighter – “We have some bad news. Your vacation home caught fire.”

Homeowner – “Oh no! Are you fighting it, right now?”

Firefighter – “No, it happened two years ago. It burned to the ground.”

Homeowner – “So why are you telling me this just now?”

Firefighter – “Because we wanted to stop by and give you this bucket. Fill it with water today as a safety measure.”

Yahoo, having taken the same approach of not “extinguishing the fire,” now faces a class-action lawsuit, as well as a potential Congressional investigation.

The Larger Problem:  Data Breaches like Yahoo’s affect the Entire Internet

This is about more than a hacker reading emails sent from a Yahoo account.  Stealing over 500 million passwords has a ripple effect across the entire Internet.  As one University of Pennsylvania security researcher described it, “Data breaches on the scale of Yahoo are the security equivalent of ecological disasters.”

Imagine that this same type of breach happened to Bank of America.  Facebook.  Or the U.S. Defense Department.  Instead of passwords and phone numbers, imagine if the hackers had acquired routing numbers.  Identity data.  Backdoors into major datacenters.

See where we’re going?  This is not simply about one company making a major mistake. This is about all of us needing to protect data before it gets stolen.

What You Can Do:  Encourage Your Representatives to Enforce Strong Data Security

With more emphasis placed on data security, both in the private sector and in government, data like this becomes much safer for everyone.  As a result of the Yahoo breach, Sen. Richard Blumenthal (D-Conn.) and others are actively pushing for a Congressional investigation.

Want to help?  Contact Senator Blumenthal and his Congressional backers to show your support.  We’ve made it easy.  Just click this link, and an email will auto-populate.  Just add your name and click Send.

Email Senator Blumenthal

Additionally, you can contact your state senator and urge strong data security practices. If we don’t all strive to keep data secure, lackadaisical approaches, as evidenced by Yahoo and other large companies, only encourage hackers.

The more data hackers can obtain, the less safe everyone is.