Mega breaches involving millions of compromised records continue to make headlines. For example:
The Equifax breach revealed the names, Social Security numbers, birth dates, and addresses of almost half of the total U.S. population. Around 400,000 U.K. customers were also reportedly affected. Final findings revealed a total of 145.5 million exposed records.
At SingHealth, Singapore’s largest healthcare group, the nonmedical personal data of 1.5 million patients was reportedly accessed, including their national identification number, address, and date of birth as part of the attack. The stolen data also included the outpatient medical data of 160,000 patients.
In March of this year, the athletic wear company Under Armour disclosed that data tied to its fitness app had been breached, affecting 150 million user accounts. Users' usernames, email addresses, and passwords were affected.
In August of this year, British Airways said that names, addresses, email addresses, and sensitive payment card details from 380,000 transactions were all compromised.
Though people seem to have become desensitized to news of data breaches, protecting user data has become increasingly important as stricter regulations take effect. Companies that handle data belonging to European Union (EU) citizens are no longer just required to announce that their systems have been breached; under the General Data Protection Regulation (GDPR), they can also be fined up to 4 percent of their annual turnover.
Sources
--------------
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101
So how many in the room are dealing with regulations and guidelines? How many are dealing with multiple? This is just a subset of the regulations your company may need to comply with.
The new kid on the block is GDPR. If you deal with the EU, no matter where your company resides, you need to comply with it.
Data breaches continue to be costlier and result in more consumer records being lost or stolen, year after year. In 2017 there were over 1500 data breaches in the United States alone and over 170 million records exposed.
A data breach involving more than one million compromised records is referred to as a mega breach.
A mega breach of 1 million records yields an average total cost of $40 million
A mega breach of 50 million records yields an average total cost of $350 million
While we continue to hear about mega breaches, the cost of smaller breaches is also in the millions of dollars.
What contributes to these costs:
Detection activities such as forensics and auditing services
Notification Costs, including communicating with Regulators
Legal Costs and regulatory fines
Lost business and company reputation
----------------
Sources
https://databreachcalculator.mybluemix.net/assets/2018_Global_Cost_of_a_Data_Breach_Report.pdf
https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
CC numbers not real!
gen_blacklist() – searches for the first arg in dict1 and returns a random element from dict2 if found, otherwise the original arg
gen_dictionary() – returns a random element from a dictionary.
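As an added illustration of the two masking helpers described in the notes above (this is not code from the original slides or from any masking product), here is a self-contained Python version: the function names follow the notes, while the record layout, the blacklist (dict1), the substitution pool (dict2) and the seeded RNG parameter are assumptions, and all names and card numbers are constructed sample data.

```python
import random
from typing import Optional, Sequence, Set

# Constructed sample data: none of these names or card numbers are real.
BLACKLIST: Set[str] = {"Alice Example", "Bob Sample"}         # dict1: values that must be masked
SUBSTITUTES: Sequence[str] = ["Pat Doe", "Sam Roe", "Lee Poe"]  # dict2: pool of replacement values
SAMPLE_RECORDS = [
    {"cardholder": "Alice Example", "pan": "4111 1111 1111 1111"},
    {"cardholder": "Carol Nobody",  "pan": "4000 0000 0000 0002"},
    {"cardholder": "Bob Sample",    "pan": "4222 2222 2222 2222"},
]


def gen_dictionary(dictionary: Sequence[str], rng: Optional[random.Random] = None) -> str:
    """Return a random element from the substitution dictionary (dict2)."""
    if not dictionary:
        raise ValueError("substitution dictionary must not be empty")
    return (rng or random).choice(dictionary)


def gen_blacklist(value: str, blacklist: Set[str], dictionary: Sequence[str],
                  rng: Optional[random.Random] = None) -> str:
    """Look value up in the blacklist (dict1); if found, substitute a random
    element from dict2, otherwise pass the original value through unchanged."""
    if value in blacklist:
        return gen_dictionary(dictionary, rng)
    return value


def mask_records(records, field: str, blacklist, dictionary, seed: Optional[int] = None):
    """Apply gen_blacklist to one field of every record. A fixed seed makes the
    run reproducible, which matters when a masked test set must be regenerated."""
    rng = random.Random(seed)
    return [dict(rec, **{field: gen_blacklist(rec[field], blacklist, dictionary, rng)})
            for rec in records]


def demo(seed: int = 7):
    """Mask the cardholder field of the constructed records and return the result."""
    return mask_records(SAMPLE_RECORDS, "cardholder", BLACKLIST, SUBSTITUTES, seed)


if __name__ == "__main__":
    for before, after in zip(SAMPLE_RECORDS, demo()):
        print(f"{before['cardholder']:>14} -> {after['cardholder']}")
```

Only the field named in mask_records is touched; masking the pan column as well would be a second pass with its own dict1/dict2 pair.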