It was an evening of April 1986, when millions of people watching a movie on HBO saw an unusual message displayed on their television screen. It was from a hacker who called himself “Captain Midnight”, and he was not too pleased with HBO’s monthly $12.95 subscription fee.
Some people found it amusing, others found it strange and worrisome. Nevertheless, it was just for a few minutes. HBO went back to their usual telecast, and the incident did not have any damaging repercussions for the network.
Ironically, times have drastically changed now. With numerous positives, there are some negative effects of technology as well. Today, the annual worldwide damage that these hackers can cause, has reached up to trillions of dollars. This is the reason why cybersecurity breaches and ransomware attacks are grabbing a global attention.
In this post, we will discuss the top 5 cyber security breaches in the past decade that took the business world by storm.
1. The 2013 Cyber Attack on Yahoo
In 2013, Yahoo reported that an unknown source attacked their most valued information about their users, which involved their names, email addresses, phone numbers and things like security questions.
According to Yahoo, the attack was allegedly done by some “state sponsored” players. The timings were also very odd, as Verizon was in the process of purchasing Yahoo at that time.
The unfortunate incident decreased their market value by US $350 million. A total of 3 billion records were compromised by that attack.
2. First American Corporation, 2019 Security
In 2019, the New York State Department Financial Services (NYDFS) pressed charges against First American Corporation about a unique web error, leading to multiple compliance related issues.
This attack spared the company’s server and instead, a new type of web design error occurred with the authentication process. To access company’s documents, authentication was suddenly no more required. This happened due to an Insecure Direct Object Reference (IDOR) error, which gave everyone access to the direct links of the enterprise. After gaining access to those links, the hackers used Advance Persistent Bots (APB), which enabled them to retrieve rest of the data.
User’s bank account numbers, mortgage records, tax files, bank statements and even the pictures of their driving licenses were compromised in this cyber attack.
885 million records were affected in this attack. The company’s reputation was also severely damaged, as they could not detect the problem for years. There was definitely a lot of negligence in accurately assessing the risk of a defective computer program. The security posture of their IT infrastructure was also poorly reviewed.
NYDFS pressed charges against them and the company had to go through a lot of public embarrassment.
3. 2017 Equifax Data Breach
A security lapse in one of Equifax’s websites led to a very damaging security breach that cost the company US $700 million. This money was awarded as compensation for the people who got impacted by the attack.
There was a vulnerability in their application, and the perpetrator was able to exploit that to full advantage.
The cyberattack greatly damaged their reputation, which was also followed congressional inquiries into the matter. This entire fiasco was attributed to two factors. Firstly, the vulnerability and the breach went unnoticed for months. Secondly, the compromised data had very sensitive information of users. This included their social security numbers, home addresses and even their credit card information.
For the cyber miscreants, the inadequate segmentation of the system made room for smooth lateral movements across their IT infrastructure. They were able to access information of about 148 million people.
4. Leaked Account Information, Facebook 2019
Recently, Facebook has been under tight scrutiny due to their shady privacy and security policies. In 2018, Facebook announced that they would alter their security policies. Despite that, 540 million accounts were compromised with leaked information in 2019.
Apparently, the security of multiple databases of Facebook was not up to the mark. Encryption and passwords were not strong enough to secure their databases and anyone could find them with a little effort. These databases were mostly US, UK and Vietnam based.
Phone numbers, and even locations of their users got compromised. Since then, Facebook is trying to up their cybersecurity game.
5. Target Gets Targeted by Unknown Cyber Attackers in 2013
In 2013, an unknown third-party attacker was able to gain access to Target store’s network. After that, they were able to access a database of customer service, and infiltrated it with a malware attack. This gave them access to sensitive and confidential information about thousands of their customers.
Target had to face a lawsuit from 47 states in the US, to which they had to pay US $18.5 million as settlement. US $10,000 had to be paid to the customers who suffered losses. Additionally, they paid US $10 million in class-action settlement.
A total of 60 million data records of user’s names, phone numbers, and even their credit card verification codes were compromised. The Latvian hacker who made this particular malware is serving 14 years in prison for this offense.
The rapid surge in cybersecurity attacks continues to haunt businesses. They vigilantly try to minimize the risk of data breaches, and to avoid the corresponding damages as well. Gartner suggests that enterprises should deploy Cloud-based security solutions to improve the cybersecurity posture of their IT infrastructures.
The journey of minimizing damages from cybersecurity breaches requires vision, determination and ownership on the part of organizations.
Cloud Service Providers (CSP), like dinCloud, provide top-notch Cloud-based services and solutions,/ with special emphasis on security. dinCloud offers multiple layers of security, along with 2 Factor Authentication (2FA), IP reputation filtering, encryption of data and free system snapshots / back-ups for up to 10 days, to provide secure and reliable Cloud Computing services for your enterprise.