
Five crucial lessons from breached businesses

08 September, 2023

Cyber breaches are relentless and pose ongoing challenges for organisations to protect their data.


The reality is that no organisation, regardless of size or industry, is immune to the potential consequences of a data breach (we hate to be the ones to tell you!).


In this blog, we will focus on learning from real-life examples of businesses that navigated and recovered from cyber breaches.


Examining their experiences gives us insights into practical strategies for enhancing resilience and security.


Let’s get into it!


Activision


In early December 2022, Activision, a prominent video game maker, fell victim to a data breach.


Hackers exploited an employee through SMS phishing, gaining unauthorised access to the company's internal systems.


An in-depth analysis of the leaked data by 'Insider Gaming,' a respected video game publication, revealed that the breach exposed extensive employee details such as full names, email addresses, phone numbers, salaries, and work locations.


Following an investigation, it was determined that no sensitive employee data, game code, or player data was accessed.


Notably, a Slack account owned by an Activision employee provided the hackers with an entry point, enabling them to deceive other employees into clicking malicious links.


This breach was attributed to human error, as an unwitting employee clicked on malicious links within an SMS phishing text, inadvertently enabling the breach.


Upon discovering the breach, Activision's dedicated information security team swiftly initiated countermeasures to address the SMS phishing attempt and rectify the situation.


Activision's rapid response and comprehensive investigation effectively curtailed the breach's impact.


This incident shows the importance of addressing human error and rapidly securing sensitive information.


It serves as a reminder that continuous cybersecurity training and vigilant practices are essential within organisations to avoid similar breaches.


Cathay Pacific


In October 2018, Cathay Pacific, the Hong Kong-headquartered airline, disclosed a security breach that had occurred in 2014 yet had gone completely undetected.


This incident involved unauthorised entry by hackers into their systems, compromising sensitive passenger data, which included personal information like names, contact details, and passport information.


A hacking group had used password-stealing malware to breach administrative systems, affecting 9.4 million passengers worldwide.


The breach was attributed to human error: a lack of robust password security measures allowed the hackers to gain access to the airline's systems.


In response to this breach, Cathay Pacific undertook a series of comprehensive measures to enhance their cybersecurity.


These measures included a dedicated focus on data governance, network security protocols, stringent access controls, comprehensive cybersecurity education programs for employees, and an advanced incident response framework.


Cathay Pacific also acknowledged the ongoing need to invest in evolving IT security systems due to the continuously escalating landscape of cyber threats.


As a consequence of this breach, the UK Information Commissioner’s Office (ICO) imposed a fine of £500,000.


This incident prompted the company to reiterate its commitment to collaborating with authorities and emphasise its dedication to protecting personal data.


This case highlights the importance of proactive cybersecurity measures and of continuous improvement to keep pace with evolving cyber threats.


Marriott Hotel & Resorts


In January 2020, Marriott Hotel & Resorts experienced a significant security breach caused by hackers exploiting vulnerabilities in a third-party application used for guest services.


The breach resulted from the compromised credentials of two Marriott employees, granting unauthorised access to 5.2 million guest records.


Human error led to the compromise of records containing sensitive data such as passport details, contact information, gender, birthdates, loyalty account specifics, and preferences.


Marriott's security team promptly intervened after detecting irregular activities and resolved the breach by the end of February 2020.


Subsequently, Marriott Hotels & Resorts faced a fine of £18.4 million.


The hotel chain contacted affected guests through emails, established a dedicated website, and introduced a call centre to assist guests.


These resources included a step-by-step guide to respond to the breach and details about enrolling in a personal information monitoring service for those affected.


A spokesperson from Marriott stated: "Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems."


The UK Information Commissioner's Office (ICO) subsequently reduced the data breach penalty for Marriott to £14.4 million.


This adjustment underscores Marriott's commitment to prioritising the security and privacy of guest data going forward.


How you can protect your business from cyber attacks


  1. Implement strong password policies:
    Enforce complex passwords and regular updates for all accounts. Consider multi-factor authentication to add an extra layer of security.
  2. Regular employee training:
    Educate your employees about the latest cyber threats, phishing scams, and best practices for identifying and reporting suspicious activities.
  3. Update software and systems:
    Keep all software, applications, and systems updated with the latest security patches. Outdated software can be vulnerable to known exploits.
  4. Network security measures:
    Employ firewalls, intrusion detection systems, and encryption protocols to safeguard your network and data from unauthorised access.
  5. Data backups and recovery plans:
    Regularly back up your critical data to secure locations. Develop a robust data recovery plan to ensure business continuity in case of a cyber attack.
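The first of these measures, a strong password policy, is the one that the Cathay Pacific and Marriott cases above turn on, and it is also the easiest to enforce in code. The checker below is an added example written for this post; it is not Bob's Business code. It applies a length minimum, a complexity rule that long passphrases are exempt from, a username check, a repeated-character check, and a lookup against a list of known-compromised passwords. The compromised list is a constructed sample standing in for a real breach corpus, and is stored as SHA-1 hashes so the plaintexts never have to ship with the checker.

```python
import hashlib
import re

# Constructed sample of compromised passwords. A production deployment would
# use a real breached-password corpus; these values are illustrative only.
COMPROMISED_SAMPLE = {"Password123!", "Winter2023!", "Welcome2018!", "qwerty12345!"}

# Store only SHA-1 digests so the plaintext list never leaves this build step.
COMPROMISED_HASHES = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in COMPROMISED_SAMPLE
}

MIN_LENGTH = 12          # hard minimum for every password
PASSPHRASE_LENGTH = 16   # at or above this length the complexity rule is waived

# Character classes used for the complexity rule.
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")


def is_compromised(password):
    """True if the password's SHA-1 digest is in the known-compromised set."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in COMPROMISED_HASHES


def check_password(password, username=""):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Long passphrases are allowed to be all lowercase; shorter passwords must
    # mix at least three character classes.
    classes = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if len(password) < PASSPHRASE_LENGTH and classes < 3:
        problems.append("fewer than three character classes")

    if username and username.lower() in password.lower():
        problems.append("contains the username")

    # Any single character repeated four or more times in a row.
    if re.search(r"(.)\1{3,}", password):
        problems.append("four or more repeated characters")

    if is_compromised(password):
        problems.append("appears in a known-breach list")

    return problems


if __name__ == "__main__":
    # Constructed candidates to show each rule firing.
    for candidate, user in [
        ("Password123!", "alice"),
        ("short1!", "alice"),
        ("alice.smith.2023!", "alice"),
        ("aaaaBBBB1111!", "alice"),
        ("correct horse battery staple", "alice"),
    ]:
        result = check_password(candidate, user)
        print(f"{candidate!r}: {'OK' if not result else ', '.join(result)}")
```

Rejecting known-breached passwords matters more than forcing symbol soup: a password that already sits in an attacker's wordlist is weak however complex it looks, which is why the checker reports "appears in a known-breach list" even for a candidate that satisfies every other rule.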

By adopting these proactive measures, your organisation can significantly reduce the risk of falling victim to cyber-attacks and protect sensitive information from potential breaches.


How Bob’s Business can help you


At Bob's Business, we understand the central role human error plays in cyber attacks and the critical importance of protecting your organisation against potential breaches.


Our comprehensive cybersecurity awareness training empowers your employees with the knowledge and skills they need to become the first line of defence against cyber attacks.


Get in touch with us today to learn how Bob's Business can partner with your organisation to enhance cybersecurity awareness and ensure a safer digital environment for your business.

