Data breaches often cause major financial and legal damages for businesses. But the ongoing Ashley Madison saga has shown that large-scale targeted attacks are now frequently claiming the jobs of top staff as well, often the CEO and CIO.
Last week Noel Biderman, CEO of Avid Life Media (ALM), the parent company of Ashley Madison, buckled under the pressure of the data breach by the Impact Team, with ALM announcing that he was "no longer with the company".
Biderman's positioned was always at risk as he found himself in the spotlight and having to explain the ever increasing build-up of private data being posted online for the world to see.
The case is also indicative of a wider trend of targeted personal attacks. A personal ‘dox' file uploaded to the dark web and various peer-to-peer torrent sites contained Biderman's personal emails, bank details, home address and information suggesting that he had been having an affair. What was a PR nightmare for the company also turned into a PR nightmare for the CEO.
Biderman now finds his name on a growing list of people previously in high-profile positions ousted as a direct result of a hack.
Falling on the cyber sword
One notable case in 2011 involved Aaron Barr, a founder of US security firm HBGary, after he claimed online that he was able to identify the ringleaders of the hacktivist group Anonymous. The hacking group responded by raiding his personal accounts and stealing 70,000 emails before publishing the entire cache online.
The emails revealed internal plans to destabilise whistleblowing website WikiLeaks, and led directly to Barr's resignation.
"Given that I've been the focus of much bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I'm confident they'll be able to weather this storm," he told Threatpost at the time.
But what was a notable case in 2011 is now fairly common. For example, high level executives at US retail giant Target were forced to step down in 2014 after a data breach affected 70 million customers.
Target chief information officer Beth Jacob resigned in March 2014 in the wake of the hack that compromised over 40 million credit and debit card accounts.
"To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target," said chief executive Gregg Steinhafel at the time.
However, by May Steinhafel was gone, citing the reason that he held himself personally accountable for the huge data breach.
Meanwhile Sony Pictures co-chairwoman Amy Pascal tendered her resignation in November after a gigantic hack took its toll on the company. Attacked by a cyber group called Guardians of Peace, thought to originate in North Korea, the hack revealed deeply personal emails in which Pascal spoke out critically against president Obama.
"Although this was a private communication that was stolen, I accept full responsibility for what I wrote and apologise to everyone who was offended," Pascal said after her resignation.
In the most recent example, a huge cyber breach at the US Office of Personnel Management (OPM) claimed the position of director Katherine Archuleta.
A whopping 21.5 million federal records were stolen from OPM earlier this year and Archuleta initially fought calls for her resignation by initiating a full-scale review of the department's IT systems to identity any further vulnerabilities.
But after it was revealed that the breach was worse than initially thought, Archuleta tendered her resignation.
"The urgent challenges facing the OPM require a manager with a specialised set of skills. It is critical to its mission to safeguard its computer records and to safeguard its data," said the White House in a statement at the time.
Security and accountability
The emerging trend is that people in high-level positions in every sector are being held directly accountable for cyber breaches. With the numbers of attacks rising, this is something senior staff should take seriously.
A report released this year by security firm Cyren revealed that the number of successful cyber attacks on businesses of all sizes increased by 144 percent between 2010 and 2014 and the cost per company increased by 95 percent.
Eric Chiu, president and co-founder of cloud control company HyTrust, said that as a result of this, senior business leaders should make security a top priority.
"Data breaches are a huge cost to organisations, including loss of trust, brand damage, lawsuits and business impact. Understanding and placing a high importance on security will be a key requirement for any executive in the connected world that we live in."
In some ways, the Ashley Madison hack could be worse than those on the US government or Sony as it is unclear whether the firm has the infrastructure to survive the fallout and damage to its reputation. Ashley Madison appears to be crumbling under the weight of the leaks, but the firm maintains that membership figures remain strong.
Further disclosures from Established Men, another ALM website, are potentially on the horizon, and we may not have seen the last of the human fallout from the hack.
This could be indicative of a tactic of play-the-man instead of play-the-ball cyber attacks. The trend clearly shows that no business or CEO is safe from the implications of a cyber breach.
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold