Data and security breaches are a fact of life. Organizations are aware of the threats and putting their best efforts up to prevent them as much as possible. Industries across the entire spectrum have been exposed in recent years. I will go through a few examples to show how pervasive this issue has become.
One prominent data breach occurred in late 2013. At that time, the US retailer Target experienced a cyberattack. As a result, approximately 40 million credit cards were exposed. This number was later corrected. In fact, over 79 million customer records were stolen. The information included names, addresses, phone numbers, and emails as well. In this particular instance, subcontractor Fazio Mechanical Services was able to steal the data by having access to multiple locations at the firm. The contractor found a way to install malware on Target’s servers that allowed them to divert data (Krebs 2014).
Office of Personnel Management
The Office of Personnel Management (OPM) is in charge of recruiting and retaining personnel working for the US government. It suffered two major data breaches in 2014 and 2015.
- 19.7 million records on individuals who applied for background checks. The data included mental health information and financial records.
- 1.8 million records of people who simply lived in the same house with applicants. These people were not even part of the actual application process and are considered collateral damage.
- 5.6 million records included fingerprints.
This incident is considered a worst-case scenario for the agency, given the sensitive nature of the exposed data. Information about health status, fingerprints, etc. is irreversible compared to a credit card number that simply can be deemed invalid and replaced with a new one (Office of Personnel Management 2018). The incident had significant consequences. The Director of OPM, Katherine Archuleta, and the CIO, Donna Seymour, resigned under pressure from Congress (Johnson 2016). The FBI attributed this breach to a Chinese National who created the malware Sakura that was used in the breach (Perez 2017).
The consumer credit reporting service Equifax provides reports on consumer credits and provides monitoring services for tens of millions of users. In 2017 it reported a breach that affected 145.5 million people in the US (Equifax 2017, Hackett 2017). The breach was severe in nature since social security data, unlike credit card information, are not easily changed. The somewhat disappointing background to this breach is that vulnerabilities had been reported to Equifax by a vendor as well as the Department of Homeland Security. Nevertheless, it occurred. It was about failing to update a patch to the Apache Struts Web application framework, which was key to Equifax’s infrastructure at the time (Goodin 2017).
If you wish to continue reading the eBook, I invite you to download a complimentary copy by clicking on the button below.