Web Semantics: "Breach fatigue"

*It's like worrying about having holes in your breaches. Eventually you just get used to going ragged.

https://slim-weight.info/story/wired-guide-to-data-breaches/

Today, data breaches are so common that the cybersecurity industry even has a phrase—“breach fatigue”—to describe the indifference that can come from such an overwhelming and seemingly hopeless string of events. And while tech companies, not to mention regulators, are starting to take data protection more seriously, the industry has yet to turn the corner. In fact, some of the most disheartening breaches yet have been disclosed in the last couple of years.

Yahoo lodged repeated contenders for the distinction of all-time biggest data breach when it made an extraordinary series of announcements beginning in September 2016. First, the company disclosed that an intrusion in 2014 compromised personal information from 500 million user accounts. Then, two months later, Yahoo added that it had suffered a separate breach in August 2013 that exposed a billion accounts. Sounds like a pretty unassailable lead in the race to the data-breach bottom, right? And yet! In October 2017, the company said that after further investigation it was revising its estimate of 1 billion accounts to 3 billion—or every Yahoo account that existed in August 2013.

There are few companies that even have billions of user accounts to lose, but there are still other ways for a breach to be worse than the Yahoo debacles. For example, the credit monitoring firm Equifax disclosed a massive breach at the beginning of September, which exposed personal information for 147.9 million people. The data included birth dates, addresses, some driver's license numbers, about 209,000 credit card numbers, and Social Security numbers—meaning that almost half the US population potentially had their crucial secret identifier exposed. Because the information stolen from Equifax was so sensitive, it's widely considered the worst corporate data breach ever. At least for now.

Equifax also completely mishandled its public disclosure and response in the aftermath. The site the company set up for victims was itself vulnerable to attack, and it asked for the last six digits of people's Social Security numbers to check if their data had been impacted by the breach. This meant that Equifax was asking Americans to trust them with their data all over again....