Security Takeaways from 7 Big Data Breaches of 2017
An unprecedented number of confidential documents were breached in 2017.
In the first half alone, the Breach Level Index from Gemalto showed that about 1.9 billion data records were lost or stolen, and that’s a whopping 164% increase compared to 721 million during the previous 6 months. There were 918 data breaches worldwide compared with 815 in the last six months of 2016.
When it comes to security breaches, it seems that hacking and ransomware get all the attention. But many breaches are caused by accidental loss or theft, and internal threats – malicious and otherwise – are significant too.
Here is how some of the biggest data breaches of the year happened or were made worse, and safeguards that would improve information security.
- PHISHING EMAILS: Internet search giant Google was the victim of a phishing scam that reached about one million of its users. While the attack was quickly stopped, users who clicked on a bogus link may have given hackers access to their email accounts. Safeguards: User education programs should be ongoing and current. According to the 2018 State of the Phish Report, ‘smishing’ is the next growing threat: phishing by text message, in which senders try to trick the user into downloading malware onto a mobile device.
- NO ENCRYPTION: One million student records were put at risk when a locked safe containing a hard drive was stolen from Washington State University - and much of the information was unencrypted. Safeguards: Experts recommend encrypting confidential data in transit and at rest.
- NOT PATCHING: When credit reporting firm Equifax's database was hacked, 143 million customer records in the U.S. and up to 400,000 in the U.K. were exposed. An investigation showed the cause appeared to be a web-application software vulnerability – but a patch that had been issued a few months earlier had not been installed. Safeguards: Security updates must be installed as soon as they’re issued.
- RANSOMWARE: A ransomware attack on Britain's National Health Service (NHS) and related systems froze computers, causing havoc for health services and patients in the U.K. and around the world. Safeguards: Ransomware infects computers and can bring operations to a standstill. Keep all IT safeguards up to date, back up sensitive data, and store the backups off-site.
- PASSWORDS: Web service provider Yahoo admitted last year to a 2013 breach that leaked the usernames and passwords of 3 billion email and other accounts. The exact cause of the breach has not been determined. Safeguards: Password hygiene is critical, especially using a unique password for every website and account.
- LAX INCIDENT RESPONSE: After a quarter of a million accounts were breached, Wonga, a payday loan company, made things worse by waiting too long to alert customers. Safeguards: Breach response should always be open, honest, and timely. An incident response plan would help prevent further damage, protect reputation, and facilitate compliance.
- EMPLOYEE ERROR: Zomato, an online India-based entertainment guide, was the victim of a massive data breach after an employee’s account was compromised due to employee error. Data was stolen from about 17 million users. Safeguards: Security awareness training should work with IT safeguards. In this case, there should have been an additional level of authorization for all employees with access to sensitive data. Embed security processes and policies in other areas too, including secure information disposal and destruction.