Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory.
Heartland Payment Systems
Impact: 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems.
TJX
Impact: 94 million credit cards exposed. According to KNOS Project cofounder and chief architect Kevin McAleavey, this was possible because TJX's network wasn't protected by any firewalls. Albert Gonzalez, hacking legend and ringleader of the Heartland breach, was convicted and sentenced to 40 years in prison, while 11 others were arrested.
Epsilon
Impact: Exposed names and e-mails of millions of customers stored in more than 108 retail stores plus several huge financial firms like CitiGroup Inc. and the non-profit educational organization, College Board.
RSA
Impact: Possibly 40 million employee records stolen. The impact of the cyber attack that stole information on the company's SecurID authentication tokens is still being debated. The company said two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network. EMC reported last July that it had spent at least $66 million on remediation.
Stuxnet
Impact: Meant to attack Iran's nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.
Department of Veterans Affairs
Sony PlayStation Network
Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.
ESTsoft
Impact: The personal information of 35 million South Koreans was exposed after hackers breached the security of a popular software provider.
Gawker Media
Impact: Compromised e-mail addresses and passwords of about 1.3 million commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel, plus the theft of the source code for Gawker's custom-built content management system.
Google, etc.
Impact: Stolen intellectual property. In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network.
VeriSign
Impact: Undisclosed information stolen. Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it -- poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing.
CardSystems
Impact: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, American Express is ultimately forced into acquisition.
AOL
Monster.com
Impact: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.
Fidelity National Information Services
Impact: An employee of FIS subsidiary Certegy Check Services stole 3.2 million customer records including credit card, banking and personal information.
No comments:
Post a Comment