This week, Atlassian's Hipchat was hacked. This follows the trend of more and more high-profile hacks that are waking consumers up - like Sony, Yahoo, and the Target data breach that rocked the country when 40 million debit and credit card numbers stolen during the holiday shopping time that year. (See a very cool data visualization chart here of all the hacks from 2004 - present.)
Now, it feels like data breaches are a fact of digital life. And while most companies have data breach preparedness on their radar, the threat landscape is ever-evolving. Staying ahead of emerging threats and the increasing sophistication of cybercriminals requires constant vigilance.
Here is a look at 5 of the major data breaches so far this year:
1. Washington University School of Medicine
A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records. The medical school learned of the incident on January 24, 2017 — seven weeks after the phishing attack occurred on December 2, 2016, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request. As a result, an unauthorized party may have gained access to employee email accounts, which contained patient information including names, birth dates, medical record numbers, diagnosis, treatment and some included Social Security information.
2. InterContinental Hotels Group:
In February, IHG, the company that owns popular hotel chains like Crowne Plaza, Holiday Inn, Candlewood Suites and Kimpton Hotels announced a data breach that affected, at the time, 12 of its properties. It has since been revealed, however, that the initial 12 has jumped to 1,200. Malware was found on servers which processed payments made at on-site restaurants and bars; travelers that used cards at the front desk did not have information taken. The malware was active from August-December 2016 and stolen data includes cardholder names, card numbers, expiration dates and internal verification codes.
Have you eaten at Arby’s lately? In February, the company said a data breach may have affected more than 355,000 credit and debit cards. It’s the same kind of malware attack behind earlier breaches at Target and Home Depot. The breach occurred between October 25, 2016 and January 19, 2017. The malware allows hackers to steal data as the card is swiped at the cash register. Arby’s says the malware has now been eradicated. The company stressed it only affected company-owned restaurants, not its franchises. It advised customers to keep a close eye on their credit and debit card statements for unauthorized activity.
4. Saks Fifth Avenue:
Saks Fifth Avenue is the latest retailer to report customers’ personal information has been inadvertently exposed online. In this specific case, BuzzFeed News reported in March that customers’ names, e-mail addresses and phone numbers were visible through a link on the retailer’s website. BuzzFeed said tens of thousands of customers were affected and their personal information was visible “in plain text online” via a specific link on the Saks website were online customers go to join a wait-list for certain products. The company that owns Saks and maintains its online website, Canadian-based department store Hudson Bay Co., acknowledged that some customer data was exposed but it stressed that it is moving quickly to resolve the situation and that key personal data such as credit card information was not exposed.
5. FAFSA & IRS:
Earlier this month the IRS revealed that up to 100,000 taxpayers may have had their personal information stolen in a scheme involving the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). The IRS said it shut down the Data Retrieval Tool because identity thieves that had obtained some personal information outside of the tax system were possibly using the tool to steal additional data.
Currently, the IRS suspects that approximately 8,000 fraudulent returns were filed, processed and returns issued, costing $30 million. 52,000 returns were stopped by IRS filters and 14,000 illegal refund claims were halted as well.
How We Can Help
Good news - the most important step you should take to protect your data online is using end-to-end encryption. This drastically changes the impact of a hack or data breach - there is simply nothing for an attacker to take.
We offer SpiderOak ONE, Groups, and Enterprise, which gives you end-to-end encryption for backing up and syncing your data. Semaphor gives your team messaging and file sharing in a No Knowledge, end-to-end encrypted environment. Only you hold the keys that can decrypt your data.
For more tips on keeping your data safe across your digital life, please see our Information Security Guide. If you have specific questions on how to keep safe, reach out to us on Twitter or Facebook.