Data breaches: A story that seems to never end
By Farhan Subhan.
Throughout our time on planet Earth, there have been major developments in nearly all aspects of life, from the industrial revolution to the events revolving around Y2K. Even with the doubts about the year 2000, and how stored calendar data was going to be affected by the transition into the new generation, technology has undoubtedly grown exponentially into a very integral part of our personal and business lives. However, nearly all growth comes with some struggles; in this case, data breaches. Data breaches come in many forms, e.g. phishing, loss or theft of hard copy notes, ransomware, and unauthorized access. The extent of a data breach can vary from an individual losing credit card information to huge multinational corporations having employee and customer data put at risk.
A data breach does not have to be in digital form in order to be considered a data breach. But as we have transitioned into a digital society, these breaches have also evolved from classified papers in a briefcase being stolen to online pirates procuring over a million credit card details and selling them on the black market. A breach does not necessarily mean that data is stolen per se; if protected data becomes accessible, that is considered to be a breach. The question we ask now is: what do these attackers do with this data? One answer is: capitalize on it. Attackers will either want to take advantage of credit card information instantly, or they hold onto it and slowly take advantage of that person's information for many years.
Since the start of the millennium there have been many, yet unsurprising, data breaches within huge multinational corporations. The nature of the data that was exposed varies amongst these companies; for example, if we look at companies like Yahoo and MySpace, we can see that the attackers responsible for these breaches were in fact identity thieves. We will now look at examples of the biggest data breaches within multinational corporations since the start of the 21st century:
MyFitnessPal
In February 2018, MyFitnessPal was subject to a data breach where 617 million customers had their accounts leaked and offered for sale on the black market, around the same time as Dubsmash. The company acknowledged the breach and advised customers to change their passwords to help them improve their security. However, it did not share how many were affected, nor did it explain how the data was compromised.
Adobe
In October 2013, Adobe reported that hackers had stolen nearly 3 million customer credit cards as well as login data for an undisclosed number of user accounts. Later that month, the company stated that IDs and encrypted passwords for 38 million users were included in the compromised data. Unfortunately, this number surpassed 150 million users, resulting in Adobe paying $1.1 million in legal fees and an undisclosed amount to users for violating the Customer Records Act.
LinkedIn
This major social networking platform for business professionals had become a target for social engineering attacks, but in 2012 the site also had user data leaked. 6.5 million passwords were stolen and posted onto a Russian hacker forum, but it took four years for the incident to be revealed. The hacker was then found to be selling the data for 5 bitcoins, which resulted in LinkedIn resetting the passwords of the affected accounts.
As with most errors, these breaches could have been prevented if the companies mentioned above had taken the correct steps. Had the companies undertaken regular risk assessments, they could have confirmed that the procedures used to deal with data were in fact correct and rectified any errors before the data was leaked. After these leaks, a company could invest more money in cyber security training for staff, so that employees are taught more about data breaches and the common mistakes which can lead to one. Incorporating this within the company's culture will be beneficial for the foreseeable future.
To conclude, data breaches still exist in many forms, ranging from phishing attacks to huge data losses by corporations. These breaches will continue to exist in our society unless people are made aware of what cyber security has to offer and are actually inclined to learn more about it, so that it can be incorporated into their personal and work lives and data breaches can be brought to a minimum.