From streamlining business processes to connecting people globally, the Internet has undoubtedly improved lives, but it has also brought about a massive number of risks for which many organizations are often unprepared. As a result, data breaches across a large variety of industries all over the world have practically become commonplace.
Ranked in terms of the largest amount of data stolen, here are the top three security breaches of 2014 thus far:
1) Russian Data Breach by “CyberVor”
Hold Security revealed on August 5 that a Russian cyber-gang they named “CyberVor” pilfered billions of records from international organizations and individuals alike: 4.5 billion records, to be exact.
CyberVor’s attack mainly targeted login credentials, according to Hold Security’s summary of the incident. The gang obtained credentials from fellow hackers on the black market at first, but upped the ante when they began utilizing botnets. CyberVor was able to use botnets to identify SQL injection vulnerabilities among the sites of their choosing, and then use those vulnerabilities to steal larger quantities of personal information—such as email addresses and passwords—from the databases of their victims.
2) eBay
In late February to early March, unknown attackers gained access to a handful of eBay’s employee credentials, which ultimately provided them access to a database of customer data. The database included names, encrypted passwords, phone numbers, physical and email addresses, and other non-financial data.
Luckily for customers, the company stated in a blog post on May 21 that they had not yet seen any signs of unauthorized user activity or compromised financial information. It is estimated that a majority of the company’s 145 million customers were affected, but the exact number is still unclear. Regardless, eBay decided to err on the side of caution and alert all of its customers to change their passwords.
3) Home Depot
On September 1, Home Depot confirmed that hackers had gotten hold of an estimated 60 million credit card numbers over the course of approximately five months. Surprisingly, the company was not the first to mention the breach to the public. Instead, it was Brian Krebs, an information security buff, who let the world know, resulting in a class action lawsuit in Georgia against Home Depot, Inc.
The Home Depot stores that were compromised are located in the United States and Canada, according to Paula Drake, a company spokeswoman. This means that any customer of these 2,157 stores could have been affected. On the bright side, online shoppers are not affected, and no debit card PINs were stolen.
So, how do other companies avoid making the same mistakes? They can start by requiring 2-factor authentication for all Internet-facing systems. Further, ensuring that basic security tools, such as anti-malware, are regularly updated and appropriately deployed can prevent the spread of known malicious software at a low cost. Finally, the combination of strong logging, a SIEM, and a vigilant SOC provides a good defense when security technologies fail and an organization must respond quickly.
About GuidePoint Security
GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Reston, Virginia, and with offices in Michigan, New Hampshire, Florida and North Carolina, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.