AOL: Early Email CybercrimesThe timeline of large-scale email breaches dates back more than a decade to 2004, when AOL employee Jason Smathers stole the information for 92 million accounts and sold it to spammers who were pitching an offshore gambling site. This sale resulted in account holders receiving a total of 7 billion unsolicited emails. There was a new anti-spam law that was passed earlier that year, and Smathers was one of the first to be prosecuted. "Cyberspace is a new and strange place," said Smathers. "I was good at navigating in that frontier, and I became an outlaw." The world of cybercrime was still new to the courts, and the judge, though lenient in his sentencing, made it clear that the "Internet is not lawless." He explained: "The public at large has an interest in making sure people respect the same values that apply in everyday life, on the Internet." 92 million AOL accounts breached in 2004 cost the company $400,000 to millions of dollars.
Yahoo: The High Cost of Minimal Email SecurityIn a series of Yahoo breaches, a total of 1.5 billion email accounts were compromised. The hacks took place between 2013 and 2014, and the public was not notified until late 2016. The announcement of the hack emerged during negotiations to sell the company to Verizon for $4.8 billion. Some say the hack was a result of Yahoo’s denial of financial resources to its security team. The company had been rapidly losing its user base to Google’s collection of apps, including Gmail, so it was not willing to add friction to its current users by implementing additional security measures. Shockingly, the company did not even implement a mandatory password change for users after the breach because it didn’t want to inconvenience users and shrink its base. The sale price for the data on the dark web went from $300,000 in 2015 to $200,000 in 2016, with the reduction in value from some users changing their passwords. Therefore, it can be assumed that only about one-third of users voluntarily and proactively changed their passwords despite their login credentials being available for sale. 1.5 billion Yahoo accounts nearly cost the company its $4.8 billion sale to Verizon.
Sony: Between Governments and CorporationsIn November 2014, the corporate network of Sony Pictures was compromised, and 46,800 contractors and employees were exposed to identity theft which included stolen Social Security numbers and scanned passports. The sum of the stolen data amounted to 100 terabytes, including four unreleased movies and endless emails between employees. The tabloids lit up with leaked emails of behind-the-scenes celebrity name-calling, salary comparisons, and more. The hack was accomplished by the group known as “Guardians of Peace,” which has ties to North Korea. The group also threatened a 9/11-type attack on movie theaters that screened Sony’s film, “The Interview,” a satirical spy comedy about the assassination of North Korean leader Kim Jong-un. The state-sponsored hack prompted President Obama to impose increased sanctions on North Korea. “We take seriously North Korea’s attack that aimed to create destructive financial effects on a U.S. company and to threaten artists and other individuals with the goal of restricting their right to free expression," said Press Secretary Josh Earnest. North Korean hackers cost Sony $35 million plus the revenue loss from not screening “The Interview” in theaters.
ConclusionEstimated costs of a data breach are about $221 per stolen record. But more than this direct cost of security cleanup, there is the bad publicity, the loss of consumer confidence, and the business challenges after having private emails become public. With email being an integral part of personal and business life, the importance of good email security cannot be understated.