Data Breaches You Should Know About
2014 isn’t exactly a good year for proponents of IT security: the Identity Theft Resource Center has already counted 381 reported breaches and around 10.8 million records exposed this year, and that’s just from January to June. We still have half a year to go before we find out the full severity. Even if you’re not in the IT security industry, it is important to know about these attacks, because with computers so prevalent you never know which ones could affect you. Here are some of the worst data breaches you should know about for this year:
Millions of AOL Email Accounts Compromised
Last April, the America Online Mail Team sent out an important security update notifying its users that its security team had discovered a significant increase in the amount of spam appearing as spoofed emails from AOL Mail addresses. While the emails didn’t exactly originate from actual AOL accounts, many users were tricked by phishing emails, resulting in many actual AOL accounts being compromised by the hackers. AOL advised its users to change their passwords and security questions to avoid further harm.
Credit and Debit Card Numbers Farmed From P.F. Chang Restaurants
Last June, suspected malware that somehow found its way onto the POS terminals of P.F. Chang Restaurants managed to steal customer debit and credit card numbers. Management did not discover the attack itself and only learned of it after being notified by the Secret Service. The actual cause is still being investigated, but the damage was so severe that the chain of restaurants switched to old-fashioned manual processing of credit card information until the whole matter is resolved.
The Montana Department of Public Health and Human Services Hacked
Also in June, the Montana Department of Public Health and Human Services released a statement confirming that a department server had been compromised by hackers. The server contained around 1.3 million records of client information, including names, addresses, birth dates, Social Security numbers and even clinical information. It is not yet clear whether the data was extracted or for what purpose.
NRAD’s Billing Systems Accessed Without Authorization
The Long Island, N.Y.-based radiology practice NRAD Medical Associates recently announced that an employee radiologist managed to access and acquire supposedly protected health information via its billing systems without any authorization. The breach included 97,000 records of patient names and addresses, as well as sensitive information such as Social Security, health insurance, and diagnosis information. This is especially alarming as NRAD has not named the employee, admitting only that he or she no longer works for the practice.
Hackers Exploit Vulnerability in Paytime, Inc.’s Systems
When hackers found out about a vulnerability in systems belonging to the Pennsylvania payroll company Paytime, Inc., they managed to snag an estimated 230 thousand records belonging to individuals that have had transactions with Paytime. This is particularly serious as the records include Social Security numbers and payment information, which means there is a financial incentive to abuse the stolen data.
Usernames and Email Addresses Stolen From eBay
Last May, hackers managed to compromise eBay’s servers and steal over 145 million user names and encrypted email addresses from the online auction company’s databases. While eBay clarified that the hackers would have a difficult time decrypting the email addresses, it still advised users to change their passwords immediately.
Amex Account Records Leaked
Once again, the Secret Service ended up having to tell a large multinational corporation that its data had been compromised. This time around it’s American Express, and the loot is 76 thousand American Express account records that were stolen and posted on Internet sites by individuals claiming to be associated with the worldwide hacking collective Anonymous.
Home Depot Customer Information Database Compromised
Last May, Home Depot’s computer systems were accessed by an employee with authorized access, and over 30 thousand customer information records were compromised and provided to unidentified third parties. The information includes name, address, birth date, phone number, card brand, card number, and even expiration date.
Common Themes
Common elements in the data breaches outlined above include malicious intent by employees with authorized access to company records and the fact that stealing information is still lucrative for hackers. The key takeaways are, first, that companies need to reexamine their security measures to ensure that they aren’t vulnerable to inside jobs and, second, that extra care must be taken to safeguard the private information of their customers, particularly information that can be used to commit identity and credit card theft.
October 21st, 2014 at 5:24 am
[…] 1. Not All Bad Logons Are Malicious – bad logons are pretty normal occurrences. It’s easy for people to make mistakes while typing their passwords, but you should still watch out for ones with very high frequency. One way that can help with this is Microsoft Windows’ “Special Logons” which allow admins to define which groups are considered “Special” and write those groups to each computer to be monitored. So if someone logs on to a monitored computer, a new event is generated and forwarded to the event log collector. It greatly trims down the logs on bad logons, only giving you the ones that truly have the potential to be malicious. […]
October 30th, 2014 at 10:43 am
[…] written form. Consumers have very little patience for outages in these cases, but when it comes to web hosting problems, it would seem that users tend to be a little bit more forgiving. Why is this so? Are people […]