(The author is a Reuters Breakingviews columnist. The opinions expressed are his own.)
By Richard Beales
NEW YORK, Sept 3 (Reuters Breakingviews) - It's no surprise that stolen nude photos of Jennifer Lawrence attract more attention than a nerdy report on Home Depot's security breach. But it's an unfortunate reality that Hollywood celebrities need to guard their privacy, whether threatened by paparazzi or hackers. Corporate breaches that expose millions of people to financial loss are, on the other hand, in a different league.
With Home Depot, it's not yet clear what the scale of any hacking may have been, or whether the company's systems were violated despite strong defenses. But security blogger Brian Krebs said he had received information suggesting the Home Depot episode could be larger than last year's hack of Target. That attack, which he first publicized, exposed the credit card data of at least 40 million customers.
Target Chief Executive Gregg Steinhafel quit his job in May following the incident. The company faced other problems, including a botched campaign to expand into Canada. But some analysts reckon the hacking of Target's U.S. point of sale terminals could eventually cost it $1 billion or more.
Boards and bosses at defense contractors and the like have long known they need to protect against cyberattacks and detect them when they inevitably happen. Target, though, was exposed for weeks, and Krebs says Home Depot's systems could have been compromised for months. If so, it's another reminder that many directors aren't sufficiently alert to virtual threats.
As for Lawrence and others, perhaps Apple and its fellow tech groups could make consumer services like iCloud more secure. Some critics suggested as much this week - one possible reason Apple's shares slid on Wednesday. But tougher passwords and improved encryption technology, among other options, are already available. Besides, the prime suspect in such cases is often a so-called phishing email or text with a link that someone knowingly clicked on before entering their own confidential data.
It's unpleasant for Oscar winners, as for anyone else, to have private photographs stolen. But savvy celebrities, sometimes from bitter experience, know not to fall for phishing attacks. In many cases, they also have more sophisticated defenses in place. Companies entrusted with customers' data need to go much further - and investors should punish any that turn out to have skimped on the task.
CONTEXT NEWS
- Home Depot said on Sept. 2 that it was working with law enforcement to investigate "some unusual activity" related to customer data, but that it could not confirm if it had become the latest retailer to be hit by a large-scale security breach.
- The statement came after security website KrebsonSecurity reported that multiple banks had seen evidence that Home Depot may be the source of stolen credit and debit cards put up for sale on underground markets.
- Brian Krebs, who also first reported a security breach at Target last year, wrote on his website that his preliminary analysis indicated the problem could affect all of Home Depot's 2,200 stores in the United States. He said several banks he contacted believed the breach could extend back to April or May of this year.
- Apple said on Sept. 2 that hacks leading to the theft of photos of nude Hollywood celebrities, including actress Jennifer Lawrence, were the result of targeted attacks on accounts and not a direct breach of systems such as the company's iCloud storage service.
- In the wake of the breach, cybersecurity experts and mobile developers have noted inadequacies in Apple's security and cloud-services security in general.
- Home Depot statement: http://thd.co/Wc1B7X
- Apple statement: http://bit.ly/1vNRrcU
- Reuters: Home Depot says probing 'unusual activity' after data breach report
- Reuters: Celebrity hacking clouds Apple's upcoming product launch
RELATED COLUMNS
Cyber job insecurity
Hacktivist investing
Moving Target
Off Target
- For previous columns by the author, Reuters customers can click on (On Twitter https://twitter.com/richardbeales1. Editing by Reynolds Holding and Martin Langfield)
Our Standards: The Thomson Reuters Trust Principles.
