Dealing with Data Breaches: Evaluation of Yahoo

Overview of the company and the breach

Yahoo has experienced a significant data breach in recent years. Data breaches occur daily in many companies in the world. Data is the most essential aspect of the organization. If data is lost, this could mean the end of any organization. Data breaches involve cases where the firm exposes its crucial information or that of its customers to unauthorized people. A data breach could happen accidentally or could be perpetrated by some people, for instance, the employees. It is the role of the organization to protect its data and also customers’ information. Most of the time, data is protected through the use of passwords and encryption (Trautman & Ormerod 2016). Yahoo, being an internet service company, has so many transactions at a particular time. Many account holders use passwords to access them. A significant data breach occurred in the year 2014, when hackers compromised the accounts of about 500 million users. The hacking led to the tampering of names as well as the security names of the various accounts. This has been the most significant data breach in history. The breach occurred when Yahoo was in negotiations with Verizon as the owners planned to sell it. The breach affected the value of the organization, which lowered its value from its highest price of $100 billion to only $4.8 billion paid by Verizon (Thielman 2016). It is believed that the breach cost Yahoo about $350million of the previously agreed price of sale. The company lost many customers as they could no longer trust the management and the ability to secure their information. As expected, the company has a legal obligation to ensure that it protects customers’ information and data from being accessed by unauthorized people (Fahey & Wells 2016). Yahoo has the role to play in restoring customers’ data and also retaining their confidence. In the end, Yahoo and Verizon agreed to share in the legal liabilities of the breaches caused in between their negotiations. It is believed that some crucial information about Yahoo leaked during their sale negotiations. Therefore, they were all responsible for the losses incurred.

Response from an ethical perspective

To the customers

The first response after the breach was to handle the case to retain the confidence of the customers. Yahoo made a point of letting the customers know that their accounts had been jacked and could have been manipulated. Yahoo, therefore, decided to share the truth of the matter with the customers. This was done in good time to allow the customers to determine if their accounts had been affected. It is the ethical obligation of every organization to give the correct information to customers. It is normal in the market to have businesses that lie to customers as a weapon against losing them. Yahoo had to risk by letting the customers know that all was not well. They also provided the right steps that they could use to have their accounts back (Cheng, Liu & Yao 2017). The main form of protection of Yahoo accounts is through passwords and security names. The company shared the process through which customers could reset their accounts and thus regain their control. The company, therefore, applied a disaster recovery strategy as the first step rather than trying to hide the fact that hacking had taken place. This is how Yahoo managed to retain many of its customers despite having a major loss.

To the Employees

The company determined that the hacking that took place required a high level of skills for the employees to be able to handle. The employees working for the company at the time were unable to identify the early signs that the attack was occurring (Cheng, Liu & Yao 2017). The level of skills of the employees was, therefore low. The management took the responsibility of training the employees on the various attacks that could occur in the future. The training sessions took place continuously, which enabled the employees to match the changing nature of hacking. Their ability at work identifies quality employees. More and updated skills mean that they can handle major threats to the organization.

The other way in which the company responded ethically to the breach regarding the employees is by taking the entire responsibility. The type of attack under consideration was high-tech. Most of the employees at the time could not be able to identify the same in its early stages. The organization did not victimize any of the employees during the time of the attack. Instead, the entire legal obligation was taken up by the organization. The form had to compensate and meet the legal obligations for such breach. It is the company that faced all the legal suits that were laid against the employees and therefore saved them the menace. It is the ethical responsibility of the organization to protect innocent employees and stand on their behalf whenever they are under threat. The ethical treatment of Yahoo to its employees enhanced its ability to retain many of them in the long run.
References

• Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).
• Fahey, M., & Wells, N. (2016). Yahoo data breach is among the biggest in history.
• Thielman, S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history. The Guardian, 15, 2016.
• Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.