Data breaches are becoming increasingly common – and damaging – as the need for companies to store data where it’s accessible online conflicts with the need to keep that same data safe from prying eyes. Here are some of the biggest breaches in the past couple of years.
Facebook’s March data breach was one of the most infamous of 2018. A company known as Cambridge Analytica was discovered using an app that scraped user data from the social media platform. Initially, Cambridge Analytica claimed that only 30 million users were affected but Facebook was later able to confirm the number as at least 87 million. Even this number may be too low.
As if the Cambridge Analytica scandal wasn’t bad enough, other apps were also found to be scavenging data from the site. Facebook suffered an even more embarrassing breach later in the year when it was revealed that a glitch in the site’s own software was leaving user data exposed. This was hastily corrected but it’s not known how many Facebook users may have had their data compromised.
Lord & Taylor and Saks
Lord & Taylor came under fire a couple of years ago after a major data breach. A raft of credit card details and names was discovered up for sale on a hacker platform by a security firm. The information was traced back to two high-end department stores: Lord & Taylor and Saks. Both stores had suffered a total system compromise and anyone who’d used a payment card at either store was apt to have had their data stolen. Over five million customers were affected and one person initiated a class action lawsuit against Lord & Taylor on behalf of those whose financial details had been compromised.
Online geneology sites are all the rage – but handing over so much personal data should give users pause, especially following the data breach at MyHeritage. In June of 2018, a file was found on a private server outside the company containing the emails and hashed passwords of every user who’d registered since the previous October.
This incident shows why making an effort to get the best IT support for your business should not be ignored. You really cannot afford to cut corners. It also highlights the importance of storing only encrypted passwords and keeping user data separate from login information. Because MyHeritage stored hashed passwords, the attackers could not log into the users’ accounts. They also lacked access to the geneological data — in fact, it appears that all they had was the email addresses. Any data breach for a company like MyHeritage is bad news, however.
In one of the most dramatic data breaches of recent times, attackers seized control of two databases owned by the Sacramento Bee newspaper. One contained the personal details of the paper’s subscribers. Perhaps even more disturbingly, the other database consisted of voter registration data provided by the Government. The hackers demanded a huge ransom for the data, which the paper refused to pay. Instead, they took the step of deleting both databases from their servers so that a similar attack could not occur in the future. This was bolting the stable door after the horse was gone, however, as the attackers promptly publicised the information online.
The Ticketfly attack is another example of a data breach where the initial motivation was blackmail rather than simple data theft. Ticketfly is an online ticketing service engaged in selling tickets for concerts and sporting events. Their website was hacked and taken down for over a week, disrupting their operation and making sales impossible. Things went from bad to worse when the attackers demanded a ransom and Ticketfly refused. The attackers responded by uploading the personal details of Ticketfly staff and users to the hacked website where they were publicly visible.
Avoiding data breaches is a matter of good security. Ensure that you and your staff are up to date on the latest social engineering tactics and that all your computer systems are properly updated, patched and protected by security software. There is no excuse for poor security in the current day and age and the impact of a data breach could be very grave indeed. In fact, a lot of businesses underestimate the consequences. However, just think about the reputational damage and the money lost because of fraud losses, fines, and the cost of fixing the vulnerability and repairing your reputation. So, no matter whether your business is big or small, prioritizing security is of huge importance.