Top 7 Data Breaches of 2017
According to the 2017 Ponemon Cost of Data Breach Study, the global average cost of a data breach is $3.62 million. A data breach is the intentional or unintentional release of secure or confidential information to an untrusted environment. Other terms for data breach include: unintentional information disclosure, data leak, and data spill.
As threats continue to rise and evolve, understanding and managing cybersecurity risks have become top-of-mind for business and government leaders. Organizations across the world are adopting innovative technologies like cloud-enabled cybersecurity, big data analytics, and advanced authentication to reduce cyber-risks and improve cybersecurity programs. However, data breaches are harsh realities, especially to organizations that are left vulnerable.
Arguably, having a better understanding of past data breaches can help businesses and security professionals think more proactively. So, as we inch closer to the new year, let's review some of the “biggest” data breaches and security incidents of 2017.
September 7, 2017: Equifax, one of the three largest credit agencies in the U.S., suffered a breach that may affect 143 million consumers. Due to the sensitivity of data stolen, including Social Security numbers and driver’s license numbers, this is being called one of the worst breaches of all time. Hackers were able to gain access to the company’s system from mid-May to July by exploiting a weak point in website software. The breach was discovered by Equifax on July 29, 2017 and at that time, they sought assistance from an outside forensics firm. Other compromised data is said to include full names, addresses, dates of birth, credit card numbers, and other personal information. Learn more about the Equifax data breach, including what you can do.
July 13, 2017: A reported 14 million Verizon subscribers may have been affected by a data breach; this may include anyone who contacted Verizon customer service in the past six months. These records were held on a server that was controlled by Israel-based Nice Systems. The data breach was discovered by Chris Vickery of the security firm UpGuard. He informed Verizon of the data exposure in late June, and it took more than a week to secure the breached data. The data obtained consisted of log files generated when Verizon customers contacted the company by phone. Learn more about the Verizon data breach.
May 31, 2017: Sears Holdings, the parent company of Kmart, revealed that Kmart’s store payment systems were infected with malware, but Kmart.com and Sears shoppers were not impacted by this breach. The malicious code has been removed, but the company has not shared how long the payment system was under attack and how many stores were affected. No personal identifying information was compromised, but certain credit card numbers may have been. Learn more about the credit card breach.
May 11, 2017: Education platform Edmodo, which claims to have over 78 million members, was breached. The hacker, known as nclay, was found selling 77 million Edmodo accounts on the Dark Web for $1,000. The passwords have apparently been hashed with the robust bcrypt algorithm together with a string of random characters known as a salt, meaning hackers will have a much harder time obtaining users' actual login credentials. Not all of the records include a user email address. Learn more about the Edmodo hack.
5. FAFSA: IRS Data Retrieval Tool
April 6, 2017: The IRS revealed that up to 100,000 taxpayers may have had their personal information stolen in a scheme involving the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). In March 2017, federal officials observed a potential data breach and took the tool down. The IRS said it shut down the Data Retrieval Tool because identity thieves who had obtained some personal information outside of the tax system were possibly using the tool to steal additional data. Currently, the agency suspects that fewer than 8,000 fraudulent returns were filed, costing $30 million, while 52,000 returns were stopped by IRS filters and 14,000 illegal refund claims were halted as well. Learn more about the extent of the damages.
March 7, 2017: Verifone, the largest maker of point-of-sale credit card terminals used in the U.S., discovered a breach of its internal network in January 2017. When asked, Verifone said the breach didn’t affect its payment services network and was only within the corporate network. The company claims they responded to the breach immediately and “the potential for misuse of information is limited.” Sources say there’s evidence that a Russian hacking group is responsible for the breach, and that the intruders may have been inside Verifone’s network since mid-2016, but nothing has been confirmed. Learn more about the Verifone breach.
7. America’s JobLink
March 21, 2017: America’s JobLink, a web-based system that connects job seekers and employers, revealed its systems were breached by a hacker who exploited a misconfiguration in the application code. The criminal was able to gain access to the personal information of 4.8 million job seekers, including full names, birth dates, and Social Security numbers. Activity was uncovered in the ten states that use the America’s JobLink system: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Learn more about what information was exposed.
Some Closing Thoughts
These seven listed above are just a handful of literally thousands of data breaches that take place across the country each year. For example, as of August 2017, Protenus, which provides patient privacy monitoring in the electronic health record (EHR), stated that the healthcare industry alone reported 233 breach incidents and is on pace to exceed last year’s rate of one healthcare breach per day. So what can we do?
To help remedy and eliminate threats throughout your organization, security must reach beyond the IT department. Being properly trained and informed is no longer exclusively for IT and cybersecurity professionals. Instead, it is now the responsibility of everyone in an organization to have, at minimum, a foundational understanding of security issues and vulnerabilities.
At New Horizons, we are on the cutting edge of cybersecurity, with training programs designed to ensure that your organization can best protect itself against attacks and, should one occur, significantly reduce your risk and improve your response time. View our entire lineup of Cybersecurity learning solutions.