The Washington Post reports that Spotify – one of the leading online radio and music streaming services – was hacked, and though initial reports suggest that the data breach was an extremely small one, it's already creating major headaches for the company.
In the past year, we’ve seen breaches that have affected millions of users. So far the Spotify breach might only have affected one user. That's right, just a single Spotify listener. It’s kind of refreshing to read about a relatively minor breach, no?
The story may be unique, but the ending is familiar. Though Spotify’s breach may be the smallest of the year, it's costing the company time and money. Furthermore, its size makes this data breach a good model for understanding how cyber attacks can affect small businesses and their IT consultants.
How Expensive Are Small Data Breaches?
Spotify confirmed that one user's data was breached, and the lost data didn't include any billing or password information. You might say this breach is a best-case scenario for Spotify, but the truth is that even small, containable data breaches are expensive.
Spotify hasn't released many details about how the breach occurred, but from what it has said, we know that it affected Android users. In addition, Spotify has said that it will upgrade its Android app soon and has warned users about downloading Android apps from sites other than Google Play and other secure app stores.
From what we do know, it's clear that Spotify is in full-scale crisis management mode, rushing to push out software upgrades, monitoring its tens of millions of users for signs of breaches, and figuring out how to implement a major upgrade across millions of devices (a task that will be a bit like herding cats).
All this comes at a time when Spotify is rumored to be considering an IPO. Ouch.
Remember, only a single user's account was breached (possibly because the user downloaded an app from a non-trusted site). If you're a mobile developer, a story like this brings home just how dangerous a data breach can be, even if it's a small one. Even if practically no customers are affected, you're looking at expenses related to…
- PR campaigns.
- Software upgrades.
- Monitoring your customer accounts.
The Takeaways: What Mobile Developers and IT Consultants Can Learn from the Spotify Hack
- All data breaches are expensive because they require immediate and comprehensive action, investigations, and due diligence.
- Data breaches have a real effect on a company's reputation. Our article "Survey: Consumers Find Data Breaches Only Slightly Better than Oil Spills" looks at new research that shows consumers think data breaches are the third worst thing that can happen to a company's reputation. If a client loses customers, sees diminished revenue, or loses investments, they could sue their IT consultant for thousands or millions in damages.
- Mobile devices come with inherent risks. If your clients run BYOD workplaces, remember that one employee downloading a bad app and using their device at work could lead to a data breach. If an employee downloads an app like Spotify to listen to music while working, they could accidentally expose the whole company to a cyber attack.
Is There Insurance for Data Breaches?
Yes, there are two insurance policies that cover data breaches. Clients can cover their data risks with Cyber Liability Insurance, and IT professionals can be protected from data breach lawsuits by Errors and Omissions Insurance.
Errors and Omissions Insurance pays for lawsuits, lawyers’ fees, and other court costs associated with lawsuits over data breaches (and other IT liabilities).
Small IT organizations and independent contractors can get coverage starting at $80 per month. For a free quote on this coverage, submit an online insurance application, and an insurance agent specializing in data risk and IT liability will send you a free cost estimate.