Data breaches are happening at such an alarming rate, that it’s getting hard to keep count: there are just so many ways that data breaches can occur, from ransomware to hacking, to pure carelessness. In a world where we have to provide our data in order to sign up for various accounts, we are left with no choice but to trust these companies with our sensitive information. Companies, therefore, need to take extra measures to keep their customers’ data secure, but with cybercriminals occasionally getting the upper hand, hacks are inevitable. Here we outline some of the biggest data breaches of 2017.
Nowadays it’s rare a week goes by without a major data breach hitting the news and bringing us back to reality. Nearly every app or business requires an email, password, and various forms of private information to gain access to their product or service. We readily enter our details and naively have faith in the system. Unfortunately, as time passes, data breaches increase in regularity. It is estimated that data breaches alone will cost businesses a whopping $8 trillion over the next five years. It would seem that they are not only becoming more frequent but also more serious with time.
Even more alarming, a report by Bitdefender found that of the companies questioned, two-thirds admitted that they would pay on average $124,000 to keep a hack under the table, leaving the unsuspecting public (and victims) in the dark. With cybercrime being an ever-growing phenomenon, there has never been a better time to jump into the field of cybersecurity.
Here we give you some of the largest data breaches announced in 2017
May 12, 2017: Data-as-hostage is a concept that just a few years ago would have sounded absurd, but today it is becoming all the more common. Ransomware is a form of malicious software (or malware) that can infect a computer system or device. Although not a data breach directly, it can be the underlying cause of data breaches. The WannaCry ransomware attack affected more than 300,000 Microsoft Windows computers across 150 countries worldwide. This included public utilities such as the National Health Service in the UK as well as large corporations. WannaCry ransomware locked files on infected computers by encrypting data. The culprits then demanded money from victims in the form of Bitcoin cryptocurrency payments. Even though the attack was intercepted within days (after a UK cybersecurity researcher discovered a kill switch) it is estimated that total damages ranged from hundreds of millions to billions of dollars. On December 18th, 2017, it was formally asserted that North Korea was behind the vicious attack.
It’s important to note that it was only those that had not installed Microsoft’s security update in April 2017, were affected by the attack. The attack itself was possible due to one of the leaked Shadow Brokers Windows vulnerabilities, known as EternalBlue. Windows’ update in April was due to have fixed the bug. Any institution or individual that has not downloaded the update was therefore vulnerable to the ransomware. This only highlights the importance of keeping computers and devices updated at all times.
June 13, 2017: Verizon is the largest wireless telecommunications company in the US, with as many as 149 million subscribers. Unfortunately, as many as 14 million Verizon customers were left exposed by a data breach, after an employee at Nice Systems left their data on an unsecured Amazon server: the mobile carrier suffered the breach due to a careless employee, when the employee in question accidentally set the cloud storage area to allow for external access, according to a Verizon spokesperson. This means that anyone who knew the web address could download the files. It appears then that this wasn’t so much of a data ‘breach’ but more ‘data carelessness,’ leading to the vulnerability of the data. Verizon claims that no other external party had access to the data and that no theft of customer information took place. The records included data on customer’s names, numbers, addresses, email, account PIN as well as their Verizon account balance. In other words, a lot of personal and sensitive information.
The breach itself was spotted on June 13th, but it wasn’t until June 22nd that it was re-secured…meaning that there was at least a nine-day period where the data was up for grabs.
August 2017: A massive data breach of Yahoo that occurred in 2013 reportedly affected one billion of Yahoo’s three billion customers. After acquiring professional forensic experts, new evidence uncovered the scale of the data breach. Yahoo has now officially upped the ante admitting in August 2017, that in fact, three billion of its users had leaked accounts, making it one of the biggest data breaches of all time. Information including names, passwords, phone numbers, security questions, birth dates and backup email addresses were all leaked. To put matters into context, that’s almost half of the world’s entire population with their details potentially floating around the dark web. This type of data leak totally destroys a user’s privacy, and could already have been done without a users knowledge – scary stuff. This shows the importance of finding the best ID theft protection around to keep you safe.
Yahoo responded by sending notifications to all of its users who were affected via email and claim that it has “taken steps to secure their [customers] accounts.” Even more shocking, 150,000 US government and military employees were among the victims of the data breach making this hack a national security issue. Two Russian spies of the Russian Federal Security Service (FSB) were indicted in the Yahoo hack.
#4: Equifax Data Breach
September 7, 2017: Equifax is one of the three largest credit reporting agencies in the US. The company experienced a catastrophic data breach, leaving 143 million of its customers vulnerable, and sending shockwaves through the financial world. The sensitivity of the data stolen is as bad as it gets and included driver’s license numbers, Social Security numbers, birth dates, and addresses. A further 209,000 unlucky people also had their credit card numbers compromised, making it one of the worst breaches of not only the year but of all time. This type of data can cause a lot more damage than most. Far worse than a hacker gaining access to a username and password of one account, gaining information on this level of sensitivity is far more dangerous. This powerful data can not only allow cybercriminals to take over accounts and steal funds, but can also be used to open fraudulent accounts by using the victims’ personal data.
The hackers responsible broke into the company’s system between May and July of 2017, by breaking through a weak point in the website software. Amazingly, Equifax only noticed the breach on July 29th. A hack on this scale could affect consumers for years to come. If you were one of the unlucky ones affected, be sure to check your credit report, keep a close eye on your accounts and freeze your credit card to gain back control. You could also check out some VPN reviews and choose a suitable VPN (virtual private network) to browse from and keep your data as safe as possible.
September 25, 2017: The mammoth accountancy firm Deloitte had its data compromised, originally claiming that only six accounts had been breached. Further investigations revealed that actually the emails of an estimated 350 clients had been exposed. The hacker was able to get his hands on a very large email database. This included emails from the United Nations, four US governmental departments (state, energy, homeland security, and defense), and some of the world’s largest multinationals. Other affected parties include the National Institutes of Health, the US Postal Service, FIFA, as well as airlines and global banks to name but a select few.
The attack itself seems to have started in fall last year when Deloitte was updating its email from an in-house system, to Microsoft’s cloud-based office 365 service. Deloitte’s server was compromised through an accessed admin account. The Guardian reported that the hackers potentially gained access to usernames, passwords, IP addresses, business architecture plans as well as health information. Some of the hacked email content may have also contained sensitive security data. In other words, the damage was great, but knowing the full extent is a tough one to judge. One anonymous source claimed that “The hackers had free rein in the network for a long time and nobody knows the amount of the data taken.”
Deloitte shockingly did not have multi-factor authentication at the time of the breach but has recently introduced it. Encryption software has also been installed in order to prevent future hacks.
November 21, 2017: The giant ride-sharing service managed to deceive its customers for almost an entire year. In November 2017, it was revealed that Uber had concealed a monumental data breach that saw 57 million customers and drivers unknowingly affected. Names, emails, and mobile numbers were among the details gathered by the cybercriminals. Of those, 600,000 drivers had not only their names but also their license details exposed.
The hackers didn’t gain access to Uber’s internal system itself but managed the breach through GitHub. A service that Uber’s software engineers and developers use to collaborate on software code. The hackers were somehow able to access a private area of GitHub to get their hands on Uber’s login credentials to Amazon Web Services – a cloud computing service used by many companies to store data. Once in, hey presto. The hackers had access to all the information they could dream of.
Uber gave into blackmail and it was found that the company paid the two successful hackers $100,000 to delete the data and keep the whole thing hush-hush. According to Bloomberg, Travis Kalanick (the company’s former chief executive) knew about the breach over a year ago. How the company got away with keeping a hack of this magnitude under wraps, instead of immediately alerting the affected parties, is beyond belief. Who would have thought that a ride home after a late night out could cost more than just a few bucks, but your identity? As a result, Uber’s London license has now been revoked and the company is doing all that they can to address the issue.
Bottom Line – How to Keep Your Data Safe
It is clear that the convenience of today’s day and age comes at a cost. With our lives becoming forever busier by the day, more and more people turn to technology and services to make their lives ‘easier’. With services like Uber, life is suddenly much more convenient. But it would seem that this convenience can be costly if data is breached.
Seeing as so many data breaches are not reported immediately, companies seem to be doing all that they can to not only down-scale breaches but also cover them up. It’s therefore not surprising that it is hard to feel that your data is truly safe anywhere online. Who knows what data breaches are happening this very second and whether or not your personal information is floating around the dark web somewhere. Yahoo waited a mind-boggling three years before releasing details about its infamous breach.
It is because of this that new data breach laws are being proposed. The new law would mean that if data breaches are not reported, it would be a crime, punishable by up to five years in jail. Although this means that the public in the future will be more aware of data breaches, it doesn’t look like they are going to slow down anytime soon.