Growing up in central Ohio, I often drove past a small McDonald's and wondered how that little store sold 65 billion hamburgers. And, every so often, the number would change, much the way the price signs at the gas stations changed - a lone guy with a long pole and a giant number at the end of the stick.
I thought about that today when Yahoo disclosed that it 2013, all 3 billion of its acocunts were hacked. Yep, that's right. Every. Single. Yahoo. Account.
Which means that somewhere in Sunnyvale, California, there may well be a guy with a big "3" on a stick, patiently trying to wiggle it into a spot that previously held a "1" (which was the perceived extent of the breach until today's announcement).
The number made the rounds of both the tech and general press fairly quickly. According to cnet.com, the extent of the breach was found following a forensic investigation that commenced after Verizon purchased the online service. Cnet.com also wondered whether Verizon would have reduced its purchase price even further had the extent of the hack been known prior to the sale (the price was reduced earlier this year by $350M when the 2013 hack was first disclosd).
In an announcement today, Verizon subsidiary Oath stated that Yahoo! would be sending email notifications to affected customers (I haven't received mine yet, but there are probably a couple of billion people in front me. Literally).
The revelation is startling, and comes on the same day that former Equifax chairman and CEO appeared before Congress to answer questions about the credit reporting agency's hack.
These recent revelations hold some lessons for both consumers and providers.
In an increasingly digital age, it is difficult to avoid providing private information on-line. Banking, credit card transactions, and job applications are just a few examples of instances in which on-line information exchanges are quickly supplanting traditional telephone, fax, or snail mail to an ever-increasing degree. Firms that hold private information should similarly distinguish between that information which is necessary, and that information which can be scrubbed. Limiting the amount of data collected and then frequent clearing of that data can reduce opportunities for losing control of sensitive data in a breach.
NTCA is hosting a Cyber Security Summit later this month in Kansas City, MO. The program will focus on understanding the threat environment, partnering with law enforcement, the use-case for cyber insurance, supply chain risk management, and other critical topics. Register here and learn how you can mitigate the risk of needing that sign-changing pole.