It’s no surprise that stolen nude photos of Jennifer Lawrence attract more attention than a nerdy report on Home Depot’s security breach. But it’s an unfortunate reality that Hollywood celebrities need to guard their privacy, whether threatened by paparazzi or hackers. Corporate breaches that expose millions of people to financial loss are, on the other hand, in a different league.
With Home Depot, it’s not yet clear what the scale of any hacking may have been, or whether the company’s systems were violated despite strong defenses. But security blogger Brian Krebs said he had received information suggesting the Home Depot episode could be larger than last year’s hack of Target. That attack, which he first publicized, exposed the credit card data of at least 40 million customers.
Target Chief Executive Gregg Steinhafel quit his job in May following the incident. The company faced other problems, including a botched campaign to expand into Canada. But some analysts reckon the hacking of Target’s U.S. point of sale terminals could eventually cost it $1 billion or more.
Boards and bosses at defense contractors and the like have long known they need to protect against cyberattacks and detect them when they inevitably happen. Target, though, was exposed for weeks, and Krebs says Home Depot’s systems could have been compromised for months. If so, it’s another reminder that many directors aren’t sufficiently alert to virtual threats.
As for Lawrence and others, perhaps Apple and its fellow tech groups could make consumer services like iCloud more secure. Some critics suggested as much this week – one possible reason Apple’s shares slid on Wednesday. But tougher passwords and improved encryption technology, among other options, are already available. Besides, the prime suspect in such cases is often a so-called phishing email or text with a link that someone knowingly clicked on before entering their own confidential data.
It’s unpleasant for Oscar winners, as for anyone else, to have private photographs stolen. But savvy celebrities, sometimes from bitter experience, know not to fall for phishing attacks. In many cases, they also have more sophisticated defenses in place. Companies entrusted with customers’ data need to go much further – and investors should punish any that turn out to have skimped on the task.