Here is a list of 10 notable breaches that left hundreds of millions of people and their personal information at risk this year.
SNAPCHAT – January 2014 – The supposedly private photo and video messaging app was hacked near the first of the year, resulting in phone numbers and usernames of up to 4.6 million accounts being posted to public forums like Reddit.com and downloaded by a website called SnapchatDB.info. The security gap was due to user data being stored in plain text and the lack of the basic security measure of rate limiting. Later in the year, a third-party vendor, Snapsaved.com, announced their servers were hacked, which resulted in a breach of over 200,000 accounts and thousands of photos and videos made public.
eBAY – May 2014 – In late February or early March, more than 145 million users’ login credentials and postal addresses were exposed due to a cyberattack on eBay’s database earlier in the spring. The corporate network was breached when hackers compromised employee credentials that were reportedly encrypted, presumably with a weak algorithm or with stolen decryption keys. Though initially confused, the company later confirmed that no financial or credit card information was compromised. Criticized for not responding appropriately or in a timely manner, the company slowly urged users to change their passwords and to not reuse their old password across other sites.
HOME DEPOT – September 2014 – Though the Department of Homeland Security warned retailers of their systems potentially being compromised, Home Depot didn’t become aware of the attack until September, when 109 million records were leaked, including 56 million credit and debit cards and 53 million email addresses. Hackers gained access to in-store payment systems and stole data off the company registers during point of sale. The stolen financial information was sold on underground cybercrime sites. Facing 44 civil lawsuits in the U.S. and Canada, Home Depot has offered twelve months of credit monitoring to its customers. This attack came after a series of earlier security breaches by Home Depot employees who allegedly stole personal information of some 30,000 individuals.
iCLOUD – September 2014 – Backed-up nude photos of Hollywood celebrities and many others were leaked due to a “brute force” access of targeted iCloud and Find My iPhone accounts. The hack, popularly known as “Celebgate,” included the posting of photos on 4chan, which quickly spread throughout the internet. Though Apple denied the breach, reports were released that it had known about the security hole as early as March.
SONY – November 2014 – Sony’s systems were hijacked in late November with initial threats of releasing secrets if monetary demands weren’t met. Warnings were made against the release of “The Interview.” Days later, it was reported that personal and financial information of over 47,000 celebrities, freelancers, company executives, and current and former employees was leaked. Some of the information obtained was from an Excel file without any password protection. The damage also led to the postponement of showing “The Interview.” Now confronted with a class action lawsuit for not securing its computer network and protecting confidential information, Michael Lynton, CEO, said the company has not given in to the demands of the hackers.
JPMORGAN – September 2014 – Over the summer, hackers gained access to data on more than 76 million account holders. Names, addresses, phone numbers and emails of customers who use the company’s online financial services were obtained. Information on an additional 7 million small businesses was also accessed. Security experts have reported that the breach could have been avoided by a fix to a server that was apparently overlooked.
UNIVERSITY OF MARYLAND – February 2014 – One of the University of Maryland’s records databases suffered a “sophisticated” attack at the first of the year, with names, Social Security numbers, birth dates, and university ID numbers stolen from over 309,000 students, staff, and alumni. No records were altered, but a copy of the information was made. A year of free credit monitoring was offered by the University.
USIS – August 2014 – US Investigation Services, a U.S. Homeland Security contractor that is responsible for more than 21,000 background checks per month for government employees, suffered a leak of personal information that affected more than 25,000 employees of the Department of Homeland Security, U.S. Immigration and Customs Enforcement, and U.S. Customs and Border Protection units. This was also the same firm that vetted former NSA contractor Edward Snowden and Navy Yard shooter Aaron Alexis. Exposed information included birth dates, family names and addresses, Social Security numbers, as well as health, education and criminal history.
USPS – September 2014 – More than two dozen servers at the U.S. Postal Service came under cyber attack, with blame being placed on state-sponsored Chinese hackers. More than 800,000 employees and 2.9 million customers were left vulnerable. Names, birth dates, Social Security numbers, addresses, and dates of employment were some of the information obtained. It took two months to develop a response and mitigation strategy before shutting down the threat.
NATIONAL OCEANIC AND ATMOSPHERIC ADMINISTRATION (NOAA) – September 2014 – The U.S. weather service’s satellite network critical to forecasts, warnings, and disaster planning was hacked by the Chinese. Though cybersecurity teams responded immediately, officials did not notify authorities until late October. It is unknown whether classified information was accessed. The system was deemed vulnerable due to a serious lack of security measures. Around the same time, systems at the U.S. Department of State and the White House were also hit.
More and more people are giving away their personal information for the enjoyment of smart devices or even without realizing it. We urge you to take privacy seriously. Here are several tips to protect your data:
- Make sure your passwords are strong (no personal information, common words or sequences, make them long, use special characters when possible).
- Do not use the same password for multiple accounts.
- Password protect all your devices.
- Consider a password manager.
- Use two-factor authentication when available.
- Use WPA2 encryption when setting up or using Wi-Fi.
- Use whole-partition or whole-disk encryption on your devices.
- Encrypt sensitive information before storing or sending.
- Use the security lockout feature.
- Consider installing remote wipe.
- Only download apps from reputable vendors (Windows Phone Store, Apple Store) to reduce the risk of receiving a malware-laden version.
- Turn off location services, GPS, Bluetooth, and Wi-Fi until you need these services.
Privacy Policies & The Web
- Know what information you are giving access to. If it’s not information critical to the function of the app or service, consider passing.
- Since much of user information is sold for advertising, use social networks at your own risk.
- Disable third-party cookies.
- Consider monitoring your credit year round.
- Restrict access to your credit report if you are at risk of identity theft.