Yahoo posted a security advisory on December 14th, 2016 advising all users of a second data breach. This breach has resulted in a data compromise of over 1 billion user accounts and could cost Yahoo’s shareholders dearly.
Second Data Breached Confirmed
External forensic investigators confirmed data files provided by law enforcement in November contained legitimate Yahoo user data. The advisory reiterates this breach is ‘likely distinct’ to the incident disclosed on the September 22, 2016 where 500 million accounts were compromised.
Consequences for Yahoo’s Planned Merger
The company’s share price fell over 5% on release of this news. This comes at a very precarious time for the company due to its pending merger with Verizon. Announced in July 2016 the merger was valued at $4.83 Billion. Verizon indicated to Forbes in October 2016, that the planned merger was at risk as a result of the September breach. Bloomberg has reported that this second breach could in fact open the door for Verizon to lower the deal price or even call off the merger altogether.
Data Breaches in 2016
High visibility incidents of this nature have made the news weekly in 2016. IdentityForce has compiled a list of the biggest breaches of 2016 which shows the scale of the problem. This list totals over 20 major breaches. That is an average of 1.6 per month. The 2016 list includes names such as the IRS, Snapchat, DropBox, Linkedin and Cisco.
The Cost of a Data Breach
It has always been difficult to quantify the cost of a data breach. IBM has stated this as $4 Million in 2016 up from $3.8 Million in 2015. This data is based on an IBM sponsored study conducted by the Ponemon Institute. This calculated cost could be much higher for Yahoo shareholders if Verizon walks away from the deal.
Business Reluctance to invest in IT Security
Many IT professionals have on many occasions raised the risk of poor IT security. Organizations have generally paid lip service to IT security seeing it as a cost as opposed to a strategic asset. Compliance has forced organizations to invest in applying the bare minimum in securing their data, networks and applications. Unfortunately we will continue to see data breaches of this magnitude until organizations see the strategic importance of having a secure environment. The intangible benefit of security is the creation of customer trust in your brand. The cost of the breaches suffered by Yahoo would be priced at $4.3 Billion, should Verizon decide to walk away from the deal. Perhaps this is the catalyst we need to induce the organizations to act. Investing in securing data and systems ultimately buys customer trust.