Three high-profile hacks from last year, and what we learned from them

There is a worldwide conflict going on between organisations of all sizes and hackers and, despite the efforts of cyber security personnel, each year there are a number of notable hacks. Last year saw plenty of high-profile incidents make the mainstream news, but what lessons can we learn from them?

1. Ashley Madison

Ashley Madison, the dating site for people who want to have an affair, has a relationship with its users that relies on secrecy. Users naturally do not want their spouses to know that they are looking for potential sexual partners.

The 2015 Ashley Madison hack resulted in the details of over 30 million users being accessed. Though personal data has not been made public, the hack caused anxiety amongst users, who feared that they could be exposed to their families.

Not everyone is sympathetic to the plight of Ashley Madison customers. Some have ethical objections to people actively seeking an affair, and some believed that members “deserved it”. The counter argument is that not everyone who joined the site actually had an affair and what people do in their private life is their own business.

No matter what moral stand you take on Ashley Madison members, the data breach has implications for all membership websites. The website Have I Been Pwned? addresses this issue: it is a free resource where people can find out if their personal data has been leaked from the Ashley Madison site, as well as from other high-profile security leaks.

A similar breach took place on AdultFriendFinder in 2015 when nearly four million membership details were hacked. The hackers demanded money to keep the data private. AdultFriendFinder refused and the records were made public. As the site targets people looking for sexual relationships or flings, exposing members can lead to embarrassment and severe stress.

Making membership sites secure is vital. It does not matter whether the site deals with adult themes or not; members of websites expect that their privacy will be respected and their data not leaked.

2. Bitdefender

Bitdefender sells anti-virus and security software. In July 2015, it admitted that hackers exposed a number of customer accounts and password details, but it played down the incident by claiming that very few of its customers’ details had been accessed. The anonymous hacker, who went under the name of DetoxRansome, demanded $15,000, which Bitdefender did not pay. The company said that it has plugged the hole in its systems to prevent a similar hack happening again.

Bitdefender uses Amazon cloud services to hold some of its data, but Amazon says that, though it provides cloud infrastructure, each user of its service is responsible for the security of any applications that run on Amazon servers.

This incident shows that even companies that are in the business of cyber security are not impervious to attacks.

3. Telecom Regulatory Authority of India (Trai)

Not all cyber privacy breaches are caused by malicious persons. Last year, the Telecom Regulatory Authority of India issued a consultation document on net neutrality. It invited comments from service providers, associations and other interested parties. The response was overwhelming, with over one million comments posted. This caused the website to crash for a while.

In the spirit of transparency, Trai published all the comments on its website, but did not keep the email addresses of the commentators private.

An Indian hacking group, AnonOps, objected to this, arguing that spammers could have easily harvested the emails to send out spam. It mounted a denial-of-service (DoS) attack in April 2015 that crashed the website. It justified the attack by saying that its aim was to protect the privacy of the commentators.

The lessons to be learned

What these three high-profile hacks reveal is that no company, no matter how large it is, is 100% immune to determined hackers.

The first thing that breached companies need to deal with is media attention. After TalkTalk was hacked in October 2015, its Chief Executive Officer Dido Harding appeared on television to explain what had happened. She could not say exactly what data had been stolen and admitted that not all customer data was encrypted. She defended this by saying that encrypting customers’ data was not a legal requirement.

Her words did not inspire confidence amongst TalkTalk customers. As a result, it’s estimated that around 25,000 TalkTalk customers left after they heard the news about the hack.

TalkTalk is not a good example of using the media to reassure customers after a cyber attack becomes public. Once news about an attack is known, it is very difficult to restore confidence in the security of a business’s IT systems.

Even when companies do pay ransom demands to hackers, they can suffer financial loss through customers leaving and the consequent fall in their share price.

The average user cannot prevent security breaches. One method to limit potential damage on membership sites is to create a new free email address, using Hotmail or Outlook, each time you sign up to a website. If the email address is leaked, then it will not be one you regularly use. This works, but many people would not see this tactic as worth the effort.

If a company has your credit card details, then as soon as you hear of a suspected breach, a call to the credit card company can cancel the card.

Some security experts view cyber attacks like a war, with the hackers determined to create chaos through their hacking, and cyber security personnel developing better systems and security protocols to combat the hackers.

There are many companies researching more sophisticated technologies to protect their company IT systems. No matter how efficient these systems are, it could be that no security system will ever be 100% secure. In many areas of life, including travel, sporting events and social life, we know that there is a certain amount of risk. As long as cyber security risks are minimised, they may become acceptable.

The public expects companies to be vigilant in their cyber security efforts by employing expert cyber security personnel and utilizing the best encryption and security software.
