On July 12, 2012, Yahoo revealed the theft of information from more than 400,000 accounts, including email addresses and passwords. On June 6, over six million passwords were stolen in a hack of the professional networking site LinkedIn.com, and it was reported that a user in a Russian forum uploaded 6,458,020 hashed LinkedIn passwords. Several critics of LinkedIn’s security implementations demonstrated that even with old and slow hardware, the 6.5 million passwords could be cracked in a matter of hours. On Friday, March 30, VISA and MasterCard alerted banks about the major security breach of U.S.-based credit card processor Global Payments. They disclosed that the account information of approximately 1.5 million people had been stolen. Enough information was contained in those accounts to allow one to counterfeit new credit cards. Krebs on Security, the blog that first reported the incident, said that the accounts had been compromised for over a month, between January 21 and February 25. As usual, it wasn’t the company but a security blogger named Brian Krebs who broke the news.
It follows a pattern common among other data breaches: customers who may have been affected by the data theft are often the last to know, and they find out weeks—sometimes months—after their credit-card information is extracted. These incidents are a small fraction of the security breaches that occur every year. Corporations that ask users for their personal information have a responsibility to protect it. This isn’t a question of whether the information can be protected, but whether companies will choose to. When users are neglected to the point where their security is compromised, it reveals that companies have more problems than just weak security. It shows irresponsibility. When margins come before users, everyone loses out in the end.