Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

07:00 AM
Larry Loeb
Larry Loeb
Larry Loeb

Monster Breaches Do Monstrous Damage

Breaches cause massive amounts of money to fix, as a new report from Bitglass shows.

Bitglass has looked at the top three data breaches of the last three years, and found that a drop in the victim's stock price post-infection was one of the effects.

Their report, Kings of the Monster Breaches, examined the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016. These top three breaches affected a mean number of 257 million individuals directly.

The cause of the breaches was external cyber attacks, all of which leveraged phishing, malware, technical vulnerabilities and more. So far, these breaches have cost their individual companies an average of $347 million in legal fees, penalties, remediation costs and other expenses.

After being breached, Bitglass found that the enterprises suffered an average 7.5% decrease in stock price. This leads to a mean market cap loss of $5.4 billion per company. In comparison, the S&P 500 decreased an average of 0.17% over the same timeframe.

Equifax's stock price has not yet recovered, but the other two took an average of 46 days to return to their pre-breach levels. In Marriott's case, unauthorized parties gained access to the reservations that were made between September 10, 2018 and possibly as far back as 2014.

Marriott found out about the existence of the breach while it was attempting GDPR compliance. GPDR is now fining Marriott $912 million. Marriott experienced a 5.6% drop in share price following the breach. There are multiple lawsuits pending about the situation.

Yahoo's 2016 breach is almost unimaginable in its size. There were two breaches reported. In September of 2016, 500 million users were found to have been breached. But that pales in significance against what showed up in December, an attack involving over 1 billion users. Compromised information included PII, which was initially collected in 2014 and used through December of 2016.

Yahoo! spent over $95 million on remediation and legal fees, as far as can be determined. They were also fined an additional $35 million cause they did not disclose the hacks to investors.

The breach at Equifax occurred because of a flaw in unpatched open-source software that was used by the credit reporting company. ("It was on a production machine, we couldn't stop it to patch!" was one of the excuses floating around post-breach.)

Attackers were able to access sensitive data such as Social Security numbers, credit card numbers, full names, dates of birth and home addresses -- all the financial good stuff. Over 143 million people had their personal information impacted by the event.

Worse, it took roughly two months for the breach to be discovered. The company's CSO, Susan Mauldin, and CIO, David Webb, were taken out to the woodshed and "retired" immediately after the incident became public.

The stock got hit hard, too. Shares of Equifax dropped nearly 14% the day after the announcement, and 31% within two weeks.

Over 143 million people had their personal information impacted by the event.

Equifax faced $439 million in legal, remediation, insurance, and investigation costs for the breach.

Breaches cause massive amounts of money to fix, as the report shows. Not only that, the intrinsic value of the victim may be affected in a permanent way.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...