In 2016, several high-profile data breaches took place, including two Yahoo breaches that affected 1.5 billion user accounts. 2016 also saw headlines about incidents at LinkedIn, Oracle, and Dropbox. Commentators even began calling 2016 the “Year of the Data Breach.” 2016 saw a 40% increase in breaches compared to the previous year and marked the start of the trend of significant reporting of incidents. If we don’t want 2026 to become the new 2016, we will have to relearn the lessons from the “Year of the Data Breach.” This presentation will explore the cybersecurity lessons that we should have learned from 2016 by first exploring current cybersecurity trends. 2025 saw a record high number of data breaches but a significant decrease in the number of individuals impacted. Signaling a move from mega breaches that were the primary cause of incidents in 2024. Next, we will travel back to 2016 and examine the high-profile incidents that occurred that year. Focusing on the Yahoo data breaches and how state-sponsored criminal hackers used spear phishing and Yahoo’s outdated security infrastructure to accomplish two of the largest breaches in history. 2016 also saw old breaches coming back to bite companies like LinkedIn. Then we will discuss how the problems we faced in 2016 continue to impact us today. Before, finally outlining ways to apply the lessons from 2016 to make us all a little safer.

Learning Objectives • Analyze the lessons from cyber incidents that took place in 2016 that resulted in a record number of breaches. • Understand the current cybersecurity risks and trends facing businesses. • Apply the lessons from the 2016 data breach to develop and improve cybersecurity policies and practices.