In this week's Risk & Repeat podcast, SearchSecurity editors discuss the expanding scope of the Equifax and Yahoo breaches and the long-term effects of these major security incidents.
The massive Equifax and Yahoo breaches got even worse as new disclosures emerged about the growing scope and damage of these incidents.
A new filing with the U.S. Securities and Exchange Commission from Verizon, which acquired Yahoo recently, stated the 2013 data breach affected all of the company's 3 billion user accounts; previous statements from the company estimated the number of affected accounts to be around 1 billion.
The breach exposed user account information such as names, email addresses, telephone numbers, dates of birth, encrypted and unencrypted security questions, and passwords protected with the outdated MD5 hashing algorithm.
Equifax also stated that an additional 2.5 million U.S. consumers were affected in the credit bureau's recent breach, bringing the total number of affected Americans to 145.5 million. Former Equifax CEO Rick Smith testified before Congress last week and provided additional details about what led to the breach.
How are the Equifax and Yahoo breaches affecting the public's tolerance for these types of security incidents? Why are these companies still revising the number of affected users many months after the initial detection? How will breaches like this be handled under the General Data Protection Regulation's 72-hour breach notification deadline? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the Equifax and Yahoo breaches in this episode of the Risk & Repeat podcast.