Another corporate data breach. It seems like it happens almost every day. However, the Yahoo! data breach reported yesterday afternoon is not like most others.
Yahoo reported that the personal details (username, date of birth, telephone numbers, email addresses, etc.) of between 400 and 500 million user account had been stolen over two years ago, but they just discovered it recently. In fact, they didn’t discover the breach – they were notified after an internet auction site offered the information for sale. This could be the largest theft of non-company personal information ever (the Sony hack two years ago was larger, but only contained personal information of Sony employees and contractors).
Yahoo is now advising its users to change their passwords. While changing passwords on a periodic basis is always a good idea, doing it in light of this theft is even more important.
This breach highlights one of most compelling reasons to embrace Information Governance in the Internet age – it is not a matter of if you will be breached, but when you are breached. If you take this attitude, knowing what information you have so that you can protect the crown jewels becomes a no-brainer.