So far, Time Warner has not released any details about how the breach occurred, except to say that it was either the result of a phishing attack, or a more direct network attack on an affiliated company, but not against Time Warner’s core network. The investigation is ongoing, and it is possible that the number of affected TWC customers could increase as more information is gained about the attack. In the meanwhile, customers who may have had their data compromised will be receiving formal notification from the company, with the recommendation to change their passwords at their earliest opportunity.
At this time, the full extent of the data stolen is not known, although it appears that at a minimum it is user IDs, email addresses and passwords, which could easily open the door to much more invasive attacks against impacted customers.
Unfortunately, this is but the first of many similar situations we’ll be reading about in 2016. Corporate security is currently losing the battle against the hacking community, and although spending on that front has been increasing, it’s clear that there are a vast number of under-protected companies out there. If yours is counted among that number, now is the time to act. Yes, you may continue to get lucky, but sooner or later, you’re going to be the next unfortunate headline, and the mess created by the hackers will take months to clean up. The lost confidence of your customers will take even longer to recover.