Security breach updates: Yahoo triples original number of accounts affected in 2013 leak, Equifax revises downward

We seem to hear about new security breaches every week, but there have been two significant updates to previously announced cyber attacks. Do you want the good news or bad news first?

The bad

Yahoo has announced that the number of user accounts affected during its August 2013 data theft, which was disclosed mid-December 2016, is actually much higher than originally estimated. In 2016, the company said approximately one billion accounts had likely been impacted, but new intelligence says this number is now as high as three billion – essentially all of its users and almost half the planet’s population.

It was already dubbed as the largest data breach ever, and this revision only cements Yahoo’s place at the top of an undesirable list.

The hack exposed user account information, such as names, email addresses, passwords, birthdays, phone numbers, and in some cases, encrypted or unencrypted security questions and answers, according to Yahoo’s 2016 memo.

Now, the company is saying that its latest investigation of the breach, which stems from Verizon officially acquiring Yahoo in June 2017, indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information tied to the accounts.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” Chandra McMahon, chief information security officer at Verizon, says in an Oct. 3 press release. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

The good

In slightly better news, Equifax Inc. is revising its estimate of the number of Canadians that may have been affected by the security breach it announced on Sept. 7. Its original figure of 100,000 Canadians has been significantly downsized to 8,000, thanks to an investigation by Mandiant, which has finished its forensic probe.

“The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted,” says an Oct. 2 press release. “In addition, it also was determined that some of the consumers with affected credit cards announced in the company’s initial statement are Canadian. The company will mail written notice to all of the potentially impacted Canadian citizens.”

Newly appointed interim CEO, Paulino do Rego Barros, Jr., reaffirms that the company’s priorities are “transparency and improving support for consumers,” and adds that she will “continue to monitor [Equifax’s] progress on a daily basis.”

In a previous release, Lisa Nelson, president and general manager at Equifax Canada, apologized to Canadian consumers who may have been impacted

“We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need,” she said on Sept. 19.

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Mandy Kovacs
Mandy Kovacshttp://www.itwc.ca
Mandy is a lineup editor at CTV News. A former staffer at IT World Canada, she's now contributing as a part-time podcast host on Hashtag Trending. She is a Carleton University journalism graduate with extensive experience in the B2B market. When not writing about tech, you can find her active on Twitter following political news and sports, and preparing for her future as a cat lady.

Related Tech News