It’s the Holiday Season, and Data Breaches are Coming to Town

Holiday Breaches

What puts you in the Christmas spirit? Santa, elves, presents, and snow, probably. Certainly not cybersecurity. But, if you are a business owner, you might want to add it to the list.

Unfortunately for businesses, malicious actors’ idea of a great Christmas is spending the day locking your data behind ransomware. Christmas is a prime time for data breaches and ransomware attacks. A study done by Darktrace showed that cyber-attacks increase by 30% during Christmas and New Year’s.[1] Several companies, including Macy’s, T-Mobile, and Medibank have experienced data breaches and ransomware attacks on Christmas day.[2]

Cyber-attacks are common during the holidays because businesses are more susceptible to security breaches. During the holidays, there are less employees in the office, and traveling employees work at home on non-private networks. Employees may be less engaged with their usual routines, and cyber diligence can falter. Cyber criminals see this reduction in security and make their move. A whole company’s holiday can be ruined by a simple “Merry Christmas!” phishing email that leads to a ransomware attack, or an malware intrusion stemming from an employee’s use of an unsecured public network.

Preparedness & Best Practices

The possibility of a data breach over the holidays can be daunting for business owners, but there are several ways to protect yourself and your business.

Long term, your business needs to implement an Incident Response Plan (IRP). An IRP is a “predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information systems(s).”[3] In an IRP, everyone knows their role and how they need to respond in the event of a data breach. Having an IRP prevents disorganization, confusion, and saves precious time during a security event. Not only will less data be lost, everyone will be able to return to enjoying the holidays much sooner.

Short term, education is the best defense. Take time this December to remind employees of your company’s cybersecurity policies. Provide optional training sessions, and ensure remote employees are working in secure environments. A simple reminder to your employees to remain diligent could be the determining factor of how you (and your cybersecurity attorney) spend the holidays. Don’t let data breaches come to town, and enjoy the holiday season.

If you are looking to create an Incident Response Plan for your business or update any data security policies and/or procedures, contact a member of the Barrett McNagny Cybersecurity Team. 


[1] Damir Mujezinovic, Cyberattacks Surge During the Holiday Season: Here’s Why, MakeUseOf (Nov. 21, 2022)

[2] George Anderson, Will A Hack Ruin Macy’s Christmas?, Retail Wire (Nov. 20, 2019) 

[3] Incident Response Plan, NIST, (last visited Dec. 19,2022).

Barrett McNagny LLP

Legal Disclaimer

The information contained in the Barrett McNagny LLP website is for informational purposes only and should not be considered legal advice on any subject matter. Furthermore, the information contained on our website may not reflect the most current legal developments. You should not act upon this information without consulting legal counsel.

Your transmission and receipt of information on the Barrett McNagny LLP website, or sending an e-mail to one of our attorneys or staff, will not create an attorney-client relationship between you and Barrett McNagny LLP. If you need legal advice and want to establish an attorney-client relationship with Barrett McNagny LLP, please contact one of our attorneys by telephone, email, or other means of communication, and allow the attorney to confirm that the firm does not represent other persons or entities involved in the matter and that the firm is willing to accept representation. Until such confirmation is provided by one of our attorneys, you should not transmit information to us that you consider confidential. If you do provide information to us, and no attorney-client relationship is established, the information will not be considered confidential or privileged, and our receipt of such information will not preclude us from representing another client in a matter adverse to you.

Any links to other websites are not intended to be referrals or endorsements of those sites.

Privacy Policy

Terms of Use

ADA Compliance

Transparency Cover Rule: Machine-Readable Files

Contact Us
My name is
and I am a(n)
seeking legal counsel in the area of 
me at
as soon as you can.

Thank you for contacting us!

A representative will be in touch with you shortly.

An attorney-client relationship will NOT be formed merely by sending an email to Barrett McNagny, LLP or to any of its attorneys. Please do not send any information specific to your legal needs until you obtain approval from a Barrett McNagny, LLP attorney, as the content of such email will not be considered confidential or privileged. By sending us an email, you confirm your understanding of this notification. If you agree, you may use the e-mail links on this page to contact an attorney.