polcode5

10 data breaches & hacks of 2016 that shook the world

November 30th is Computer Security Day. It is a time when we all raise awareness about computer security best practices. It is also a grim reminder of the many threats that lurk in cyber space. The year 2016 has so far proved that to face the danger, not only do we need great cyber threat defense, but also for everyone to keep their heads cool. Read and learn as you go through our list of the 10 worst data breaches of 2016.

IT security is a particularly democratic problem for the usual standards of the tech industry. Every developer spends hours solving all kinds of problems “ordinary mortals” have absolutely no interest in. But everyone cares about cyber threats. No one likes to be spied upon. No one enjoys losing precious data or money (which increasingly often are the very same thing). It applies equally to individuals and the biggest of corporations. Does it get any more egalitarian?

Our short recap of the most spectacular data breaches of 2016 proves that many of them are quite easily avoidable. All it takes is a little discipline. See for yourself.

Not even the FBI is safe

This February, the quality of IT security of the most strategically vulnerable American governmental institutions was called into question. A group of hackers managed to steal the contact information of over 20,000 FBI employees and 10,000 from the Department of Homeland Security. The hackers were able to do that by compromising the database of the Department of Justice, as they proudly boasted on Twitter. The attackers explained that their actions are a response to the US’s stance on the Israeli-Palestinian conflict.

The healthcare sector is in danger, too

Florida-based 21st Century Oncology provides cancer care. In March, the company announced that it had fallen victim to an attack that exposed the information of over 2.2 million patients. The data included insurance and treatment information, Social Security numbers and more.

Even the most sophisticated safety measures won’t do…

… if you just go and lose your hard drives! That’s precisely what happened to Centene – a Fortune 500 company and a leading multi-line healthcare enterprise. Due to the loss of these drives, over 950,000 members of their programs had their sensitive information exposed. It included dates of birth, Social Security numbers, addresses etc.

Maybe you should reconsider that snap

The things people snap…Maybe they would think twice before doing it if they knew that Snapchat is far from perfect when it comes to IT security. This time, all it took was a simple phishing scam. An attacker, pretending to be the Snapchat chief executive Evan Spiegel, asked an employee to email the payroll information of many current and former employees of the social media company.

What if protectors can’t protect themselves?

That’s how you really know that no one is safe. It was Brian Krebs, a well-known cybersecurity journalist, that found out that the data of over 1.5 million customers of Verizon Enterprise had been put up for sale on an underground cybercrime forum. According to Krebs, the attackers found a way to force the MongoDB system to “dump its contents” as the data was offered in multiple formats, including the MongoDB database system.

Ironically, the company, a division of Verizon that provides IT services to the biggest organizations in the world, publishes breach investigation reports on a regular basis. In 2016 it was forced to write one about itself.

Centerpiece of democracy

As democratic elections go increasingly more digital, it is vital to make sure that the voting process is not compromised in any way. It may have not been the case with the Philippine Commission on Elections. It is believed that the commission failed over 55 million voters who entrusted it with their sensitive information. It included fingerprint information and passport numbers.

Sensitive data is everywhere

Even at Wendy’s, the popular fast food chain, has confidential information that can be hacked. It becomes obvious if you realize just how many financial transactions are made in all of its 6,500 restaurants worldwide. This time, it was malware software that attacked the point of sale (POS) system of some of Wendy’s branches. It is possible that payment cards used to pay at Wendy’s have been subsequently used to commit frauds.

Past mistakes can come back to haunt you

That’s what LinkedIn learned the hard way. Back in 2012, the company allegedly lost over 117 million email and password combinations. It has since made an effort to reset password data for these accounts. This May, LinkedIn discovered that the data stolen a few years ago had been made freely available online. To combat this problem, it has prompted all users that have not changed their passwords since 2012 to do it as soon as possible. It has also employed automated tools to identify suspicious activity on LinkedIn accounts.

Mother of data breaches

A lot of data breaches associated with places such as stores or restaurants have to do with larger fails at companies that provide data-sensitive solutions typically used at such places (POS, CRM systems etc.). In July, Brian Krebs found out right at the source, that Oracle indeed found malicious software in their point of sale credit card payment system MICROS used by over 330,000 cash registers around the world.

It is unclear how exactly that breach happened, but according to Krebs the MICROS customer support portal communicated with a server used by Carbanak Gang – part of a Russian cyber crime organization that is known for a number of major hacks that cost victims over $1 billion.

Sometimes, all it takes is to be responsible

Much like the case of Snapchat, the troubles at Seagate, the data storage company, remind us that everyone can contribute to making data safe. A low level employee was again the unfortunate centerpiece of the story. They fell victim to an email-based phishing scam. What appeared to be an internal company request for W-2 tax documents, turned out to be yet another trick. As a result, all the W-2 tax information the company had was compromised.

IT security sure is a vast field, with many factors coming into play, making a difference between safe data and troubles for millions of people. This year’s most notorious cases remind us especially that everyone can make a difference. That’s why even completely non-technical individuals should make the effort to learn the very basics of what can be done to protect data. Our infographic that you can download below should be a good start!

Polcode Team

Polcode_computersecureday1