15 worst data breaches
Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory.
1. Heartland Payment Systems
Impact: 134 million credit cards exposed through a SQL injection attack used to install spyware on Heartland's data systems.
2. TJX
Impact: 94 million credit cards exposed. According to KNOS Project cofounder and chief architect Kevin McAleavey, this was possible because TJX's network wasn't protected by any firewalls. Albert Gonzalez, hacking legend and ringleader of the Heartland breach, was convicted and sentenced to 40 years in prison, while 11 others were arrested.
3. Epsilon
Impact: Exposed names and e-mails of millions of customers stored in more than 108 retail stores plus several huge financial firms like CitiGroup Inc. and the non-profit educational organization, College Board.
4. RSA
Impact: Possibly 40 million employee records stolen. The impact of the cyber attack that stole information on the company's SecurID authentication tokens is still being debated. The company said two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network. EMC reported last July that it had spent at least $66 million on remediation.
5. Stuxnet
Impact: Meant to attack Iran's nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.
6. Department of Veterans Affairs
Impact: An unencrypted national database with names, Social Security numbers, dates of birth, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen.
7. Sony PlayStation Network
Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.
8. ESTsoft
Impact: The personal information of 35 million South Koreans was exposed after hackers breached the security of a popular software provider.
9. Gawker Media
Impact: Compromised e-mail addresses and passwords of about 1.3 million commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel, plus the theft of the source code for Gawker's custom-built content management system.
10. Google, etc.
Impact: Stolen intellectual property. In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network.
11. VeriSign
Impact: Undisclosed information stolen. Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it -- poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing.
12. CardSystems
Impact: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, and American Express, is ultimately forced into acquisition.
13. AOL
Impact: Data on more than 20 million web inquiries, from more than 650,000 users, including shopping and banking data, were posted publicly on a web site.
14. Monster.com
Impact: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.
15. Fidelity National Information Services
Impact: An employee of FIS subsidiary Certegy Check Services stole 3.2 million customer records including credit card, banking and personal information.