No one wants to hear that a company they do business with has suffered a data breach. In the past few years, people around the world have been shocked to hear that major insurance companies and credit bureaus have been able to be breached. The idea that someone has unauthorized access to that kind of sensitive information is bad for individuals and private companies.
In 2019 alone, there have been at least a half-dozen serious data breaches that impacted major companies. The size and cost of these breaches has also increased. Governments have been quick to fine these companies for having insufficient security in place. These breaches have impacted businesses located around the world and operating in a number of key industries.
One of the biggest fines of 2019 was doled out to British Airways by the UK’s Information Commissioner Office. In 2018, British Airways’ had a security breach that impacted almost half a million people. In July 2019, BA was hit with a fine of over £180 million. That works out to about $230 million in US dollars. It’s clear that the ICO wanted to send a serious message with a fine this size. People’s information security has real value: without trust, consumers will be less likely to trust British institutions. Information security is important for the economy and companies must take it seriously.
Another data breach took place in the US, where all of Yahoo’s users from 2012 to 2016 were exposed in a data breach. This led to one of the largest class-action lawsuits in US history. Yahoo is expected to pay out about $100 and/or two years of credit monitoring to all of the impacted users. This is expected to total about $117 million USD. In addition to US customers, some of the company’s Israeli users were also impacted.
Regulators in the US have also fined companies like Uber for failing to report data breaches appropriately. As more companies harvest and utilize data from their users, it’s clear that governments are holding them to standards. These fines and lawsuits are enforcing the idea that companies must be responsible to their users.