In light of some recent high-profile security breaches, we compiled the top 5 data security breaches that Internet users should know about.
Data security breaches can have a very severe impact on our modern lives. Many people rely heavily on the Internet to access financial accounts, personal data, images, and conversations. We often take for granted that a private discussion or password-protected profile cannot be accessed by an unauthorized person. In reality, hackers often move just as quickly as, or more quickly than, the technology we have come to depend on.
2005 – CardSystems Solutions
CardSystems Solutions suffered a SQL Trojan attack in June of 2005. The attack forced code into the database through a browser every four days. This process stored data in a .zip file that was sent back to the hackers through an FTP server.
CardSystems never encrypted its customers’ personal data, which meant that the hackers were able to access names, verification codes, account numbers, and other vital information. A total of 40 million credit cards were compromised. What made the incident more frustrating was that CardSystems passed an audit in 2004; however, it was not complying with the necessary data storage standards after the audit.
2006 – U.S. Department of Veterans Affairs
In May of 2006, the U.S. Department of Veterans Affairs suffered a harrowing security breach that compromised the information of 26.5 million former and current military personnel and their families. In this case, it wasn’t faulty software but rather human error that led to the breach.
A laptop that contained a database was stolen from the Maryland home of a V.A. analyst. It’s bad enough to lose the hardware, but the database compounded the situation significantly. It contained everything from names and birth dates to disability ratings and social security numbers of people who had served or were serving in the U.S. military.
The analyst reported the theft to police on May 3rd, but the Veterans Affairs Secretary was not informed until May 16th. The FBI was also notified; however, the public was not warned until May 22nd. Luckily, the stolen equipment was returned on June 29th. It was estimated that it would take between $100 million and $500 million to recover from the incident and prevent a future breach.
2007 – Fidelity National Information Services
In July of 2007, Fidelity National Information Services suffered a security breach that was somewhat similar to the Department of Veterans Affairs incident the previous year. This time, though, instead of an unknown thief, the culprit was a former employee.
William Sullivan, owner of the Florida-based S&S Computer Services company, was fired from Certegy Check Services, a Fidelity National subsidiary. In retaliation, Sullivan stole data and then sold it to a broker. The broker ended up re-selling the data to numerous marketing firms. When the incident was made public, Fidelity faced a class action lawsuit for negligence. Sullivan ended up serving nearly five years in prison and had to pay $3.2 million in fines.
2009 – Google and Silicon Valley
Google, Yahoo, and many other Silicon Valley companies found themselves under an unprecedented virtual assault in 2009. The Chinese government had put hackers to work exploiting a flaw in an older version of Microsoft’s Internet Explorer, which gave them access to internal networks.
The public was informed that China was attempting to mine information on human rights activists. While no one knows exactly what data was successfully stolen, Google did admit that some of its intellectual property was taken. The attack caused Google to consider denying services to all users in China.
2011 – The PlayStation Network
Video games are a very profitable industry these days, which is why a breach of Sony’s PlayStation Network had such a widespread impact. The network was hacked, giving unauthorized individuals access to 77 million accounts. The data included 12 million unencrypted credit card numbers as well as user passwords, email addresses, customer names, home addresses, purchase history, and other private data.
The PlayStation Network breach made many question the security measures taken by large companies like Sony. In the end, Sony lost millions and the network was inaccessible for about a month. Users were advised to be careful about who they share their data with, while IT professionals were urged to make sure security controls are consistent throughout all areas within their companies or organizations.