World’s 2016 biggest data breaches
Cyber threats shouldn’t be neglected if you value your privacy and data. The biggest and most notorious security breaches of the year prove it. As there’s just one month of 2016 ahead, it’s time to look back at these cases to be more cafeful in the coming year.
When it comes to data leakages, no one is immune, neither large enterprises with the expensive security infrastructure, nor small and middle-sized companies, not even individual users concerned about their privacy. Small B2B companies are often subject to attack, as through their often poorly protected communication systems they can get access to a bigger fish — their influential client. It’s actually not the size of company that makes it attractive for hackers, but the type of data it possesses.
Data can be exposed in many cases due to lost devices, hard drives, flash cards, software vulnerabilities, intended actions of insiders and unconscious actions of the staff with a poor understanding of security. Large-scale data breaches, leaks, vulnerability disclosures were dominating the headlines throughout the year. Power grids, banks, IT companies, healthcare centers and politicians became the victims of attacks, and the cost of consistent information data breaches leaks was considerable.
This post will give you a general idea about the nature of this year’s cyber attacks. Nobody is completely safe from malicious attacks, and even companies that develop secure software became the targets of hackers. What is even more important, larger and more consequential breaches may lie ahead. The scale is limited only by the hackers’ ambitions.
Healthcare: $355 is the average cost per record breached
A frightening scale of data breaches in healthcare organizations was revealed this year, that made up approximately a quarter of all the most significant attacks, along with accidents in IT, governmental; organizations and social and communication services.
In healthcare, the data that employees deal with is highly sensitive, and the average cost per record breached in 2016 in is $355, which is higher than the average cost — $158.
On the 30th of October, the National Health Service’s Lincolnshire and Goole trust in the United Kingdom had to cancel surgeries and divert trauma patients because of the virus that crippled its electronic systems. The probable cause of the accident was an employee using an infected USB drive. A well-planned attack could’ve endangered lives of patients undergoing treatment. Now the U.K. government is going to address issues like this one, spending £1.9 billion (US $2.3 billion) over the next five years to pump up its cybersecurity defenses and pay for new research.
While movies often depict hackers as romantic and noble heroes or highly intellectual sociopaths, in real life this is more an exception than a rule and attackers may even steal the data of patients undergoing treatment for cancer. If you are ready to get a little disappointed in people and the idea of global justice, here is a short list of most notable data breaches in healthcare in 2016:
· 21st Century Oncology: private, financial and medical data of more than 2.2 million patients based across the country and internationally was exposed.
· Centene Group: personal health information and Social Security numbers of 950,000 members data got compromised.
· Premier Healthcare: more than 200,000 patient records were exposed after a laptop was stolen from their Indiana headquarters. Sensitive data was stored unencrypted on it.
· Hollywood Presbyterian Hospital: computer systems were locked up by ransomware until it paid $17,000 for regaining access to data.
IT: the largest data breach from a single site in history
This year, several large IT companies became victims of hacker attacks, including those who actually make money on selling solutions for data protection. With so many causes of massive data leaks, incidents like these raise questions about the diligence of IT companies in protecting our data. In 2016, the following cases of data leaks in the IT industry were made publicly known by the victims of attacks:
· Yahoo: the company revealed that a hacker working on a foreign government has stolen more than 500 million accounts in 2014. This is the largest breach from a single resource in history. The FBI investigates the case.
· Verizon Enterprise Solutions: approximately 1.5 million customers’ records stolen. The company itself provides data security services to businesses and governmental organizations internationally.
· Oracle: more than 330,000 sales registers were exposed as a result of a data breach, allegedly performed by Russian hackers through malware.
· Seagate Technology, a data storage company: several thousand former and current employee records, including Social Security numbers, exposed as a result of a phishing scam. An employee considered the phishing email to be an internal company request — and the data was leaked.
Politics: candidates were hacked, and voters too
Political life is in full swing this year, with the elections that are going to influence the international landscape. A significant number of scandals in the digital age came as a consequence of hacks and data leaks. Not only the reputation of politicians was affected: revelations changed decisions and decisions changed history. When someone starts an election campaign, opponents are against this person together with their crew and hired hackers, along with political activists and anarchists. Being a public person is tough, and to a great extent this is the internet that forms the image of the candidate and the opinions of voters. Protecting personal conversations is easy, when you use the end-to-end encrypted service, but as not all politicians do this, media men get material for front page stories. Here are the stories discussed in 2016:
· Philippine Commission on Elections: personal data of about 55 million people (all voters of the country) was compromised by Anonymous. In this way hacktivists aimed to show the necessity of providing security in vote counting machines used during the national elections.
· The Democratic National Committee and Hillary Clinton: multiple emails published on Wikileaks. As a result, the DNC chair resigned.
· Federal Bureau of Investigation, Department of Homeland Security: personal data of about 30,000 FBI and Department of Homeland Security employees was breached. The hacker claimed to have access to 200 GB of files.
· Internal Revenue Service: over 700,000 US taxpayers personal data compromised. The attack is considered to be Russia-based — again.
Social media and communications: >747 mln accounts compromised
In social media, people sometimes tend to be too talkative while sharing data not just with friends, but with advertisers as well — the companies that collect information about users and their preferences. We pay with our privacy, our attention, and money for the pleasure of staying in touch with friends and acquaintances. But when information about our education, employers and social connections gets exposed — things can become really, really complicated. Social media is perfectly designed for fun and laid-back chatting where privacy and security have never been priorities. Even in 2016, when many popular communication services started employing encryption to protect client data, a number of others proved to be slipshod in terms of data protection.
· LinkedIn: 117 million accounts breached in 2012 became publicly available.
· MySpace: 360 million user emails and passwords posted for sell online.
· Email Service Providers: 270 Million Records published on an underground forum. The giveaway included 57 million Mail.ru accounts, 40 million Yahoo accounts, 33 million Hotmail accounts and 24 million Gmail accounts, belonging to the employees of major banks, manufacturers and retailers. (Probably it’s time to stop using email for sensitive business communications so often).
· Snapchat: personal information of 700 current and former employees stolen using a phishing scam involving an employee email. Attackers just requested and received sensitive data.
5 basic steps to mitigate data breach risks
As soon as you have sensitive information stored in a local company database or in a cloud service, malevolent people can have the reasons to hunt for it. Nobody is invulnerable. Without extra costs and having a security department, you can still safeguard critical data. Here are the essentials that teams should bear in mind:
1. Employ secure communication services. Quite often the whole system is exposed because of a single letter sent to a malevolent actor. Make sure that you control the ways your data travels across the web to prevent oversharing. VIPole Security for Teams makes maintaining compliance easy.
2. Store data encrypted on laptops, tablets, and phones to stay safe even in case of physical access of attackers to devices. VIPole encrypts data end-to-end to cover this need.
3. Make sure everyone within your team knows how to protect sensitive data. A successful phishing attack may involve a single employee and still cause significant damage. A secure system helps to minimize the influence of human factor.
4. Update your software regularly to get the best service where bugs and vulnerabilities are patched. This rule applies not just to anti-malware systems, but to all the programs you use.
5. Use strong passwords and control the passwords of the employees: their complexity, length, duration of use and regular reset. VIPole solutions for teams and the recent integration with LDAP allow to manage it easily.
VIPole offers end-to-end encrypted messaging and collaboration solutions for teams and enterprises dealing with commercially or personally sensitive information, and individuals wishing to protect themselves from hackers, identity thieves and malware. More at www.vipole.com
