2017 came with success and failure for multiple organizations. At Your Digital Mind we have compiled the largest data breach failures of 2017.
When it comes to cyber-security attacks, 2017 has definitely seen its fair share of breaches. Many of these came to our attention only recently, years after the attacks had been completed. Other incidents were the direct result of misconfigured technology or human error, which accidentally exposed vital personal information of millions of different users. A few others were caused by the mishandling of data by third-party firms. Your Digital Mind has compiled a list of some of the largest and most impactful data breaches and data leaks of 2017.
By far one of the largest and most publicized data breaches of 2017, Equifax tops our list by impacting nearly 145.5 million Americans’ personal and financial data. Hackers exploited a vulnerability in Apache Struts servers that had gone unpatched for months. A patch for the known vulnerability had been made available a month before the attack was actually carried out. News of the breach was released in September, and since then Equifax has been the target of scrutiny over a number of practices, including delayed disclosure, its information security policies and procedures, and its overall handling of the breach with customers, stockholders and the media. Directly following this, the company was also slapped with lawsuits and direct investigations from various States, Congress and even the FBI.
Because of its depth, severity and impact, Equifax’s breach easily takes the number 1 position as the largest data leak of 2017.
In October of 2017, the Bermuda-based law firm Appleby revealed it had suffered a ‘data security incident’ in 2016 that ‘may have information that could be leaked’. They added “We are disappointed that the media may choose to use information which could have emanated from material obtained illegally and that this may result in exposing innocent parties to data protection breaches. Having researched the ICIJ’s allegations we believe they are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector.”
Appleby has some of the world’s richest people and companies as its clients, including US Commerce Secretary Wilbur Ross, the Queen of England and Tory Party donor Lord Ashcroft, as well as large firms such as Facebook, Apple, Twitter and Nike, to name a few. The company’s official release suggested that any, and possibly all, companies will face similar data breaches and that it is more about remediation after the fact than before.
All indications point to very lax security practices, many of which could have been corrected to prevent the attack or otherwise make it more difficult to complete.
Most people would assume that one of the largest US-based health insurance companies would be rock solid when it comes to data security, and by and large you would be correct, with the exception of one employee. A consulting firm discovered that one of its employees had been involved in identity theft and had actually emailed themselves a file which contained a large amount of data from Anthem members. This file included Protected Health Information (PHI), including health plan ID numbers, social security numbers, dates of enrollment, Medicare contract numbers, birth dates and full names.
While not necessarily an attack on security practices or a lack thereof, the Anthem data breach was the direct result of an internal (or third-party) attack on a network the attacker was authorized to access.
When it comes to restaurants you have to think: just how much of my information do they really have access to, and what would a data breach look like? Well, the main thing they have of yours is your payment information, which is exactly what was compromised during Chipotle’s data breach in 2017.
An investigation, sparked after some fraud cases began to appear, pointed towards the point-of-sale (PoS) devices at most of the restaurants. It was identified that specific malware had been designed to attack these devices and steal critical data from the card swipes themselves. “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” Chipotle said.
Basically this means – if you used your card to pay for a meal at Chipotle in 2017 – contact your financial services institution and get a new card, now.
It is not often that a US military contractor and global security firm is compromised, but unfortunately that is exactly what occurred with TigerSwan. In an incident that simply boils down to a lack of attention to detail, the TigerSwan security firm had thousands of files containing sensitive and personal data of US military and intelligence personnel exposed via an unsecured Amazon server. The firm UpGuard discovered the Amazon Web Services S3 storage bucket and found that it had been configured for public access. This data breach contained files and documents going back to 2009, which included personal and confidential data of thousands of job applicants, many of whom were deemed to be “Top Secret” US Government entities.
While not directly affecting the general population, this does affect the general US population, as their security and intelligence personnel information was made, for lack of a better term, public.
InterContinental Hotels Group:
Continuing on with malware attacks designed to take payment information, the InterContinental Hotels Group fell victim to a compromise that lasted nearly 2 months. From September 29th to December 29th, 2016 this malware targeted data on the magnetic stripes of payment cards, pulling the customers’ names, card numbers, expiration dates and also verification codes. The breach was announced in 2017, with the company stating that hotels such as Holiday Inn, Crowne Plaza, Hotel Indigo, Staybridge Suites and Candlewood Suites were all compromised during this time.
In an attack that happened years ago, Imgur suffered a major breach in 2014 in which the email addresses and password combinations of over 1.7 million user accounts were compromised. The photo-sharing giant was not alerted to this data breach until Thanksgiving weekend of 2017, but a public disclosure was announced the very next day. “We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” Imgur said in their disclosure.
Credential data breaches are not uncommon and while this did affect nearly 2 million individuals, it appears that the core of the issue was only related to account access.
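Imgur’s statement ties the brute-force risk to a fast hash. The sketch below is an added example, not Imgur’s code: it shows one common remediation, verifying a legacy SHA-256 record at login and replacing it with a salted, slow PBKDF2 record. The record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: iteration count chosen for illustration; tune to current guidance.
PBKDF2_ITERATIONS = 600_000

def legacy_hash(password):
    """Hypothetical legacy record: a single fast SHA-256 pass."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Salted, deliberately slow PBKDF2-HMAC-SHA256 record."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); legacy records are re-hashed on success."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha256":
        ok = hmac.compare_digest(legacy_hash(password), stored)
        # Only a successful login reveals the plaintext needed to re-hash.
        return ok, (strong_hash(password) if ok else stored)
    if scheme == "pbkdf2":
        iters, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    return False, stored  # unknown scheme: reject
```

Accounts that never log in again keep their legacy record, so a migration of this kind is usually paired with a forced reset for stale accounts.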
Cloud storage issues are a dime a dozen, but when one hits one of the ‘big boys’ it is not only an issue but also makes the news. Security firm Kromtech discovered an unsecured Amazon Web Services S3 storage container in September of 2017 which contained a large amount of sensitive information about the internal operations of Verizon Wireless. This repository contained not only internal communications and server logs but also usernames and passwords that could have been exploited to access other, more classified, parts of Verizon’s infrastructure.
In an unrelated event, Verizon was under the spotlight when UpGuard found that a third-party firm had accidentally exposed the data of over 6 million Verizon customers in another misconfigured Amazon Web Services S3 bucket.
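Both the TigerSwan and Verizon incidents come down to an S3 bucket that was readable by anyone. The following added example (not taken from UpGuard, Kromtech or AWS tooling) audits a bucket’s ACL and policy documents for public grants; the sample documents are constructed, and the check is simplified in that it ignores Block Public Access settings and does not evaluate policy Conditions.

```python
import json

# Group URIs that make an S3 ACL grant apply to everyone (or any AWS account).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions that the bucket ACL hands to a public group."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def _is_wildcard(principal):
    # Principal may be "*" or {"AWS": "*"} / {"AWS": ["*", ...]}.
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    values = principal if isinstance(principal, list) else [principal]
    return "*" in values

def public_policy_statements(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and _is_wildcard(s.get("Principal"))
            and not s.get("Condition")]

def audit_bucket(acl, policy_json=None):
    """Human-readable findings for one bucket; an empty list means none found."""
    findings = [f"ACL grants {p} to a public group" for p in public_acl_grants(acl)]
    if policy_json:
        sids = public_policy_statements(json.loads(policy_json))
        findings += [f"policy statement {sid} allows any principal" for sid in sids]
    return findings

# Constructed samples (no real bucket), shaped like GetBucketAcl/GetBucketPolicy output.
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-placeholder"},
                           "Permission": "FULL_CONTROL"}]}
SAMPLE_ACL = {"Grants": PRIVATE_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "AppOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Calling `audit_bucket(SAMPLE_ACL, SAMPLE_POLICY)` reports the public READ grant and the `PublicList` statement, while `audit_bucket(PRIVATE_ACL)` returns an empty list.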
Transportation companies may not come under much scrutiny, but when you are as large as Uber there will always be some who try to exploit and attack the network. This ride-hailing giant has confirmed that in 2016 there was a huge data breach that resulted in the compromise of data belonging to 57 million users, including drivers. This attack was not localized to the United States but spanned the entire globe. In the UK alone about 2.7 million users and drivers had their data exposed.
The attack was originally covered up for over a year, and Uber had even paid the hackers a sum of nearly $100,000 to delete the stolen data and to keep quiet about the breach. This information was subsequently leaked and a formal announcement was made.
WikiLeaks’ Vault 7 CIA leaks:
Wrapping up our list: when it comes to data breaches and leaks, government entities are never far from the list. Recently a large number of documents and related information has been released by attackers and whistleblowers alike. The latter includes one of the more famous outlets, WikiLeaks, which published a large number of alleged confidential CIA documents exposing spies across the world, as well as tools used by hackers and nation-state actors alike, in the Vault 7 release.
In September, the website created by Julian Assange released another round, titled ‘Spy Files: Russia’, that supposedly describes surveillance contractors’ operations in Russia with state authorities and strict domestic laws, using a program dubbed “System for Operative Investigative Activities”, or SORM. Near the end of 2017, WikiLeaks released another wave of ‘secret’ documents named Vault 8, stating it is to “enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components”.