With Data Breaches, Bad News Can Show Up Well Down the Road

The revelation that the data breach at the U.S. government's personnel office was actually much worse than the government originally thought is following a familiar script.

That's been the case in many recent high-profile hackings at major U.S. companies. Target, Home Depot and TJX all had to announce additional bad news weeks after going public with their breaches.

The Obama administration said Thursday that hackers stole Social Security numbers from more than 21 million people and took other sensitive information when government computer systems were compromised. That's up from the 14 million figure investigators gave The Associated Press last month.

The hacking ultimately prompted the Friday resignation of Office of Personnel Management Director Katherine Archuleta.

Whether it's the government or a major corporation that's been breached, time is of the essence when it comes to informing the people affected, so they can take the steps needed to protect themselves and their personal information. That prompts many hacked entities to go public before all the facts are in.

Meanwhile, inadequate data security measures can make it tough for whoever has been hacked to quickly get a handle on how bad the damage actually is.

As a result, bombshells of bad news such as Thursday's can fall well after the initial dust has settled.

Adam Levin, chairman and founder of the security firm IDT911 Consulting, blamed the "woefully inadequate" state of data security in both government and at major corporations.

"Any organization that has personal identification information needs to know exactly what they have and where they have it," Levin says. "Otherwise, you may not find out for months that information has been stolen in a breach."

Here's a look at some of the highest-profile breaches in recent years:

Home Depot

Home Depot said in September 2014 that 56 million debit and credit card numbers were compromised in a months-long breach of its...

Comments are closed.