Case Study: Yahoo Data Breach

The Yahoo data breach, occurring in August 2013 and impacting 3 billion accounts, stands as one of the largest in history. Initially disclosed in December 2016, Yahoo’s estimated number of affected accounts jumped from over a billion to 3 billion within a year. This breach was revealed during Yahoo’s acquisition by Verizon, which still proceeded with the purchase at a reduced price. The breach exposed account information like security questions and answers.

Case Study: Facebook Data Privacy Scandal 

In 2019, Facebook faced a monumental $5 billion fine from the U.S. Federal Trade Commission (FTC) due to the Cambridge Analytica scandal and other privacy violations. This fine remains the largest ever imposed by the FTC, reflecting the severity of Facebook’s mishandling of user data and the widespread public and political fallout that ensued.

The scandal, one of the most notorious in data privacy history, highlighted significant concerns over the protection of user information on social media platforms. Despite the initial $5 billion penalty, Facebook ultimately settled the matter in court for $725 million.

Case Study: Shein Intellectual Property Lawsuit

Designers Krista Perry, Larissa Martinez, and Jay Baron filed a lawsuit against the e-commerce giant Shein, accusing it of selling exact copies of their creative works, utilizing the civil racketeering laws under the Racketeer Influenced and Corrupt Organizations Act (RICO).

The lawsuit targeted Shein’s complex corporate structure and production strategy, which they argue facilitates intellectual property theft and complicates accountability. Shein responded by emphasizing their commitment to addressing infringement claims seriously and defending against baseless allegations. Experts suggested that Shein’s approach of producing small batches based on algorithm-detected trends complicates copyright and trademark enforcement, potentially leading to costly lawsuits with minimal rewards.

Case Study: Amazon Hoverboard Case

The 2018 case involving exploding hoverboards sold on Amazon brought to light the complex product liability challenges within ecommerce. These hoverboards, known for overheating and causing fires, led to lawsuits against Amazon, which argued its role as merely a marketplace and shifted the responsibility for product safety onto the third-party sellers.

Despite the sale of these hazardous products between 2015 and 2016, some costing up to $900, and resulting in burns and property damage, the court sided with Amazon. This decision highlighted the importance of seller responsibility in product safety, setting a precedent for ecommerce liability. 

Case Study: Amazon Prime Lawsuit

In 2022, Amazon Prime customers filed a lawsuit expressing their dissatisfaction with the service, particularly for not meeting the two-day delivery promise. Despite billions of packages that Amazon processed weekly, including those for Prime members who paid for expedited shipping, delays became a common complaint.

Prime customers, including those from California who initiated the lawsuit, accused Amazon of falsely advertising and deceptively marketing its one- and two-day shipping guarantees. They alleged that Amazon provided a specific delivery date at the time of purchase, only to extend this date or fail to provide any expected delivery date due to delays in transit. 

Case Study: Equifax Data Breach

The Equifax data breach in spring 2017, marked by expired certificates and unpatched vulnerabilities, underscores significant cybersecurity lapses. Despite receiving a warning from the U.S. Department of Homeland Security about a vulnerability in Apache Struts, Equifax’s internal communication and subsequent actions failed to address the flaw. A misconfigured device, due to an expired digital certificate, failed to detect the vulnerability, allowing attackers to infiltrate and remain within Equifax’s system from mid-May to the end of July.

This breach exposed the personal information of 145 million U.S. residents and over 10 million UK citizens. The use of rogue or stolen certificates by attackers can hide data exfiltration within encrypted traffic, complicating detection without effective HTTPS inspection solutions. In September 2018, the UK’s Information Commissioner’s Office fined Equifax £500,000 (about $625,000 USD), the maximum under the Data Protection Act 1998, for failing to protect UK citizens’ personal information, showcasing the grave consequences of cybersecurity negligence.

Case Study: Facebook Outage

The significant Facebook outage on October 4, 2021, lasting seven hours, affected not only Facebook but also Instagram, WhatsApp, Oculus, and enterprises using Facebook’s authentication system, marking it as the biggest outage of the year. Triggered by a routine maintenance task gone awry, the outage was caused by a command that inadvertently severed all connections within Facebook’s backbone network, leading to a complete disconnection of its data centers.

This situation was exacerbated by a bug in the audit system meant to prevent such mishaps, resulting in both public-facing services and internal management tools going down, necessitating manual system restarts by staff physically entering data centers. The breakdown also affected DNS query systems, isolating DNS servers due to disabled BGP advertisements, which further complicated recovery efforts as engineers struggled without standard access to data centers or the usual internal tools due to total DNS loss.

Case Study: Marriott International Data Breach

In October 2020, Marriott International faced an £18.4 million (about $23 million USD)  fine by the Information Commissioner’s Office (ICO) for a substantial data breach that compromised millions of guests’ personal details, under the General Data Protection Regulation (GDPR) framework. This fine came in the wake of a cyber attack dating back to 2014 on Starwood Hotels and Resorts Worldwide, which Marriott acquired, where approximately 339 million guest records were accessed, including 7 million records of UK residents.

The breached data included a wide array of personal information such as names, email addresses, phone numbers, unencrypted passport numbers, and details related to guests’ stays. The ICO’s investigation concluded that Marriott failed to implement adequate security measures to protect this data, leading to the fine. However, the amount was significantly reduced from an initial threat of £100 million (about $125 million USD), taking into consideration Marriott’s efforts to mitigate the breach’s impact and the economic toll of COVID-19 on its operations. 

Case Study: Nike Tracking Issues

Nike experienced a significant loss of around $100 million in sales in the early 2000s due to tracking issues. The company’s subsequent adoption of updated inventory software aimed to improve sales prediction and demand fulfillment, but instead led to further financial setbacks due to bugs and data inaccuracies.

Despite these challenges, Nike continued to face inventory dilemmas, notably in 2016 when its gross margin suffered from increased discount sales linked to these persistent issues. In response, Nike has been refining its inventory practices through manufacturing overhauls and the adoption of digital technologies, aiming to solidify its status as a global leader in the athletic wear market by innovating products, exploring new markets, and optimizing its supply chain, demonstrating the importance of adaptability and quality in inventory management systems for large, dynamic businesses.