Top 5 Data Breaches in History
If you work in cyber security, chances are you are at least familiar with what CMMC is. The Cybersecurity Maturity Model Certification (CMMC) is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks (source: OUSD A&S). Getting your certification is a process, and one that Secure Halo offers assistance with to help get you ready. For more information, click here.
5) LifeLock
LifeLock cofounder and former CEO Todd Davis was the victim of identity theft 13 times between 2007 and 2008. If that makes you want to say “Aww, poor guy,” you must have missed the company’s 2007 ad campaign that was featured online and on TV, billboards and trucks across the United States.
The campaign depicts Davis wearing an earnest expression and a suit and tie and holding up his social security card. Printed alongside this image are Davis’ name and social security number. In the ad, the company promised to protect its customers against identity theft.
Taking the ad as an invitation, cyber-criminals posing as Davis obtained a loan and opened accounts with AT&T, Verizon and a Texas utility, leaving Davis with the bills. The Federal Trade Commission later fined LifeLock $12m for deceptive advertising.
4) FriendFinder
More than just data was exposed when adult dating and entertainment company FriendFinder Networks sustained the most significant breach of 2016.
Hackers got their dirty mitts on 20 years of historical customer data after compromising 412,214,295 records stored in databases belonging to Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com.
Former users who had deleted their accounts must have been gutted to realize that their email addresses were exposed along with those linked to active accounts
3) Yahoo!
The once-popular search engine and webmail makes the list for suffering the biggest data breach ever recorded (among other breaches).
Yahoo said no data was taken during two data breaches in 2012, but the company eventually admitted that cyber-attackers had gained access to an eye-watering 3 billion Yahoo accounts in 2013.
The following year, another breach at the internet service company impacted over 500 million user accounts. Hackers swiped names, email addresses, birth dates, telephones numbers and answers to users’ security questions — data which later turned up for sale on the Dark Web.
2) Boeing
Data worth $2bn was swiped from aerospace company Boeing in what could be the longest-running data breach in US history.
Between 1976 and 2006, Greg Chung stole around 250,000 pages of sensitive aerospace documents related to the US space shuttle and military aircraft, including the B-1 bomber.
Chinese-born Chung, who changed his first name to Greg when he became a US citizen, stored the stolen documents on makeshift shelves he had installed in crawlspace underneath his home in Orange, California.
In 2009, Chung became the first American to be convicted of economic espionage and was sentenced to 15 years and nine months behind bars. He died in prison in 2020 from Covid-19.
1) Swedish Transport System
The personal data of nearly every Swedish citizen was leaked in one of the worst government information security disasters of all time. What made this gargantuan exposure worse is that the T Swedish Transport System essentially did it to themselves.
In 2015, the Transportstyrelsen hired IBM to manage its networks and databases. Then the agency uploaded onto cloud servers an IBM database containing details of every vehicle in the country.
Next, the agency emailed the whole database to subscribed marketers in messages written in clear text. After discovering their error, the agency tried to fix the mistake by emailing a new list to the subscribers and asking them to delete the earlier one.
Swedish IT entrepreneur Rick Falkvinge said the incident “exposed and leaked every conceivable top-secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.
It then came out that the agency’s director general, Maria Ågren, had put her ink on a deal that allowed IBM staff in Czechoslovakia and Romania with no security clearance to access the database. She was later fired and fined
HOW SECURE HALO CAN HELP.
Penetration Testing
Attackers scan for vulnerabilities that will open the door into organizations. But how do you find every vulnerability and how do you know which to prioritize fixing? Trust the Secure Halo Find, Fix, Protect approach. We assess your network security, reveal vulnerabilities, and recommend decisive actions to maximize limited resources. To learn more, click here.