Tuesday 29 December 2015

2015, the year in a Breach

2015 is at an end, so we look back at what has happened.
This year was without a doubt marked by data breaches. Over the year, millions and millions of customer and employee records were stolen.
So let's look at just some of the data breaches in chronological order.


February – Anthem (http://bit.ly/1Z4SXVe)
The year started with the insurance company being hacked. Information capable of identifying 78.8 million customers was stolen. The data was stolen during an attack in January. The attack remained undiscovered for a month.

May – US IRS (http://cnnmon.ie/1NU7k6N)
A hack that exploited a tool intended to make life easier for the American people led to a major data breach. In May, it was reported that the tax information of 110.000 Americans was stolen. Later, in November, this number was revised to 330.000 records.

June – LastPass (http://bit.ly/1R1pPrc)
The cloud-based password management company was hacked in June. Although they use very strong encryption algorithms, after the hack the company advised every user to change their master password. In this case, if users were using a weak password, it is possible that the attackers recovered their password. There are no official records of how many master passwords were stolen.

June – US Office of Personnel Management (http://bit.ly/1mgqeOv)
In April, OPM noticed a data breach on their systems. Upon deeper investigation, it was concluded that the hack had started in April 2014 (maybe even earlier). In this hack, the personal information of 21.5 million federal employees (including previous or retired personnel) was leaked.

July – Hacking Team (http://bit.ly/1KLhbgo)
In July, the hackers got hacked. The Italian surveillance and hacking company saw its network breached and 400 gigabytes of information exposed. Among it, there were several zero-day exploits used by the company.

July – UCLA Health (http://cnnmon.ie/1GruuME)
UCLA Health has announced that they suffered a major data breach in September 2014. Upon later investigations, in May they realised that the attackers had gained access to computers that stored sensitive records.
This breach has exposed the medical and personal information of 4.5 million people.

July – CVS Pharmacy photo service (http://cnnmon.ie/1MF2nwP)
CVS Pharmacy had a service, CVSphoto, where a user could upload a picture to their servers and then pick up a printed copy at a pharmacy. On July 10th, the company shut down the service due to a massive data breach.
The breach revealed the credit card information plus personal information of customers. The number of exposed records is not known, but it is believed that it surpassed the million mark.

August – Carphone Warehouse (http://bit.ly/1IxPcza)
The phone retailer saw the data of as many as 2.4 million of their customers exposed on August the 5th. The exposure included bank and personal information.
This is considered the biggest hack done in the UK. For comparison, it exposed the information of 4% of its population.

August – Ashley Madison (http://bit.ly/1M9qPJN)
The popular cheaters' site was hacked in August. Due to the site's policy of not deleting customer records, the attack exposed the names, addresses, email accounts and hashed passwords of 37 million customers.

September – Excellus BlueCross BlueShield (http://bit.ly/1UJOpP7)
In September, Excellus announced that it had discovered a 2-year-old hack that had stolen the information of 10.5 million customers. The stolen information contained personal and payment records (including credit card information).

October – Scottrade (http://cnnmon.ie/1QXZ9Mv)
The stock trading service revealed that they had suffered a data breach 2 years prior. The breach exposed the email accounts and social security numbers of 4.5 million users.

October – Experian (http://bit.ly/1FJnpOs)
The credit company was breached and as many as 15 million customer records (from T-Mobile) were stolen. Among the stolen information, it was possible to find the clients' personal information. One interesting thing is that although the social security numbers were encrypted, the company said that the encryption may have been compromised.

October – Patreon (http://bit.ly/1YSE2gH)
15 GB of data was stolen from the crowdfunding company. Among the stolen information, it was possible to find user information like their donations, names and more. The hack exploited the debug mode of the site, thus revealing the stolen information.

October – Trump Hotel Collection (http://bit.ly/1OXdCCx)
THC has reported that they detected malware activity on their network. The activity started in May 2014 and lasted until July 2015 (yes, more than a year). During the campaign, the malware accessed the credit card information of the hotel's clients. THC reports that the malware accessed the information in “real-time” when the clients were entering it on the terminals. The number of stolen credit cards is unclear.

November – FBI portal (http://zd.net/1SDCFyb)
A group of hackers breached a system that is used to share sensitive information between law enforcement agencies in the US. During the attack, the group was able to steal arrest records and access the policy chat and file transfer services. There is no account of how much information was stolen.

November – Securus Technologies (http://bit.ly/1MnZNMS)
The company that provides US prison phone lines may now be facing charges themselves. The source of these charges is a data breach that revealed over 70 million phone call records on their servers. Since these records come from prison lines, they may violate attorney-client confidentiality.

November – VTech (http://bit.ly/1Tkpzpn)
The breach suffered by the toy manufacturer has exposed the personal information of 4.9 million parents and 6.4 million children. In the stolen data it is possible to find credit card numbers, personal information, login credentials, password recovery questions and photos of the children.

December – MacKeeper (http://bit.ly/1OyYRpi)
A bad database configuration that exposed it to the internet without any authentication has led to the exposure of 13 million personal records of the anti-virus product's users. Although the passwords are hashed, according to the source of the discovery, they are using the deprecated MD5 algorithm, which can be broken in a practical amount of time.

December – Voters personal information (http://bit.ly/1PsxSi9)
Well, the year started out big, so it had to end even bigger. On December 20th, a misconfiguration on the US voters database exposed the personal information (including full name, home address, voter ID, etc.) of 191 million voters.
The shocking part about this breach is that no one is taking responsibility for ownership of the compromised database, meaning that the information may still be exposed at the time of writing.

So how can you minimize further exposures on your systems? The correct answer is that you need to introduce security at every step of the software life cycle, from requirements to production and even at the end of life of the software.

Another concern for the future is that, although these exposures represent a very real danger, there will be an even bigger one: the changing of data. According to America's intelligence chiefs, the next wave of attacks will not steal information, they will change it (http://bit.ly/1VS8Pb8).

Make sure to check the blog in the coming month, as we will add a set of posts about securing your information to prevent major problems if data gets leaked, and another set on how to detect and recover from data being changed on your systems.
