Cyber Insecurity: 2017’s Worst Data Breaches
By TLB Contributing Writer: Alden
In 2017, Equifax announced that more than 143 million customer records had been leaked due to a data breach. The Equifax breach qualifies on almost every list as one of the worst data breaches of 2017. It was not, however, the only significant data breach during that year.
At least five other breaches rocked the world in 2017. Here are those stories:
#1 – Uber
In 2017, the ride-sharing company, Uber, revealed a breach exposing information from more than 57 million customers and drivers (although the hack admittedly occurred in 2016). Even worse, Uber concealed the attack from the public and paid the hackers $100,000 to delete the stolen data. As you can imagine, this led to a lot of bad press. The Uber data breach emphasizes the importance of communicating data breaches in a timely manner.
#2 – Yahoo
Yahoo acknowledged its own problems with communicating data breaches in 2017. The company had been hacked in 2013 and 2014. But it did not disclose, until 2017, that all 3 billion of its user accounts had been exposed! At the time, Yahoo was amid selling itself to Verizon when it made this acknowledgement. The announcement cut $350 million off Yahoo’s value in that sale. The delayed announcement resulted, in part, from Yahoo’s delayed discovery of the full extent of the earlier breach. This highlights the difficulties that even large companies have in assessing the damage that a data breach has caused.
#3 – Washington State University
Washington State University lost personal information on more than one million individuals! How? Thieves stole an unencrypted backup hard drive from a locked safe in one of its buildings. Washington State should be commended for backing up its data, but not for failing to encrypt or secure that data. Data backups are crucial in recovering from a ransomware attack or other data breach that destroys critical information systems. Cybersecurity controls over backup systems are no less important than similar controls over primary networks.
#4 – National Security Agency (NSA)
In 2017, the U.S. National Security Agency experienced its fifth data breach in five years. This time hackers stole a virtual disk that stored more than 100 gigabytes of data from an Army intelligence project. The NSA employs the most sophisticated cyber defenses available, yet it couldn’t prevent this breach.
Organizations that do not have the NSA’s resources (basically everybody) should consider investing in a financial safety net. For example, cyber insurance companies track the fallout data breaches to provide better data breach coverage for their clients. Cybersecurity insurance may be the difference between continuing in business and closing a business’s doors forever.
#5 – Edmodo
Last but not least is Edmodo, a K-12 social learning network used by 78 million teachers, students, and parents. In April 2017, the network was hit by an especially complex data breach which leaked 77 million account details to the dark web. It is believed to be the largest breach of children’s data ever!
The world wide web will only get more dangerous and risky in 2018 and beyond. It’s up to companies to find solutions to the problems today, rather than feel the consequences tomorrow.
Click on the image below to visit TLB Project on twitter …