Enterprises have made great progress in deploying technological solutions to protect themselves from direct and indirect external threats, however the rise and increased sophistication of attacks which target customers and internal attacks indicate that there is a new threat that has to be addressed.
Phishing and pharming (luring people to disclose sensitive information by using bogus emails and websites) were two major additions to the top security threats. The trend is now shifting from internal to external attacks and tactics which exploit technological loopholes. According to a report from 7Safe, 86% percent of all implemented attacks were followed by theft of data. Sony’s PSN online entertainment services, Heartland’s credit card scam, TJX wide reaching security breach – they all suffered some kind of a data breach in recent years.
David McCandless and the team from the site Information is Beautiful has compiled a stunning and terrifying interactive infographic showing 300 of the world’s largest data breaches since 2004, with the size of the bubble indicating the extent of the leak. The graphic indicates the number of incidents connected with lost or stolen computers and the method of leakage.
Below is a look at some of the biggest and important data breaches, which have caused embarrassment for companies, consumers, and, in some cases, the government.
In 2009, the New Jersey credit-card processor disclosed that hackers compromised its computer network, gaining access to card transactions information of more than 100 million customers. The data breach ranks among the biggest credit card scam in history. Heartland eventually paid more than $110 million to American Express, MasterCard, Visa and other card association to settle claims related to data breaches.
Sony’s PlayStation Network
In 2011, Sony’s PlayStation Network was hacked and the attackers compromised 77 million accounts exposing customer names, addresses, dates of birth, passwords as well as payment details. Later, it was also discovered that aside from customers’ information, 50,000 music files (mostly related to king of pop Michael Jackson) were also compromised.
Sony was late to identity the attack until it noticed payment details were compromised that the company informed its customers. The Information Commissioner’s Office fined Sony £250,000 for the hack stating that it was in serious breach of the Data Protection Act.
Hackers Breached Apple
Last year, hacking group AntiSec claimed they hacked an FBI laptop accessing 12 million Apple Unique Device Identifiers (UDIDs). In addition to the UDIDs, the release includes notification Center tokens, device names, and device IDs. Subsequently, it was discovered that app developer Blue Coat was the source of the breach.
The information that compromised was Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cellphone numbers, addresses, etc. Later, the group published all these information online.
In last July, an intruder attempted to secure personal information of Apple’s registered developers from developer website. Apple said there was possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed.
The retailer, which owns T.J. Maxx and Marshalls, informed a wide-reaching security breach that may leave its customers around the world exposed to fraud and identity theft from transactions that date back to 2003. The security breach identified in 2007 was so large that the number of exposed cards could exceed the 40 million.
RSA Security claimed two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees. As many as 40 million employees’ records reportedly stolen by hackers posing as people the employees trusted to penetrate the company’s network.
After the attacks had been announced by RSA reports from various defense contractors began to filter in as they noticed and stopped strange activity on their networks: affected contractors included Lockheed Martin, Northop Grumman, and L-3 Communications.
Department of veterans’ affairs data breach
An encrypted national database was stolen, which included the names, social security numbers, birth dates, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses. The database was stored on a laptop and external hard drive, both of which were stolen in a burglary from a VA analyst’s home in Maryland.
Without first destroying the data, US Military sent back a defective unencrypted hard drive to repair and recycling, which held detailed records of 76 million veterans including millions of Social Security number dating to 1972.
In other high visibility attack, last year Pentagon official acknowledged that the Department of Defense has suffered one of the most damaging cyber-attacks in its history in which 24,000 files had been lost to foreign intruders. Over the past few years, all manner of data has been stolen, some of it mundane, some of it concerning most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.
White House Military Office network (WHMO) was also compromised containing some of the nation’s most sensitive information, including the information that is required in order to launch a nuclear strike and other information that is reserved for the highest intelligence and policy officials. The method of the attack came through what is known as spearfishing – delivered by a malicious link in email or file that acts as though it comes from a specific source and requests confidential information.
It’s clear that enterprises and government data breaches are on rise and some of the biggest institutions in the world aren’t escaping unscathed. Hackers are deploying some of the most sophisticated attacks to get the information. With threats such as identity theft, phishing and pharming on the rise, organizations can look at implementing identity management solutions, encompassing access, vulnerability, patch and security event management.