The reverberations from the Yahoo security breach are likely to be felt for some time. Every breach poses its own unique challenges, but in LEVICK’s experience the rules of engagement are different for technology companies such as Yahoo. The full breadth of the Yahoo breach is not likely to be fully measured for months.
For data security incidents involving health care and financial institutions, customers, patients, and other stakeholders are naturally concerned because of the sensitivity of the information that the affected companies hold—bank account numbers, pin numbers, Social Security numbers, and proprietary health information, to name only a few.
But with companies like Yahoo, customers assume that a technologically advanced Internet firm should have embraced and mastered state-of-the-art cybersecurity. When they find out that a tech company is just as susceptible to data breaches as non-tech companies, they’re angry. They feel betrayed.
It’s incumbent on Yahoo, therefore, to move swiftly to assuage concerns before a serious backlash develops. Yahoo is that rare situation in which the company will likely be impacted more severely than its customers, which is not always the case in data breaches. Innuendo about a data breach at Yahoo has been circulating for more than a month, which means it’s doubly critical for Yahoo to move quickly in reaching its key constituencies. How the company communicates over the next 48 hours with its own employees (all approximately 10,000 of them), its Board of Directors, and its users will define its long-term recovery.