2012 has been another disturbing year filled with millions of sensitive records stolen, often due to a startling lack of security by the owner of the information.

I’m sure Santa has been paying close attention to this year’s data breaches so that he knows which stockings need to be filled with coal!! 

South Carolina Department of Revenue – 3.8 million records

An attacker broke into the systems of the South Carolina Department of Revenue using a phishing email to steal a user’s username and password. The attacker was then able to access and steal names and Social Security numbers for many of the state’s residents. This attack could have been defended against by adding multi-factor authentication and encrypting the sensitive data stored in the database.

Global Payments – ~1.5 million records

Once attackers were able to compromise sensitive data within the Global Payments systems, they were able to purchase low-denomination prepaid credit cards and encode the stolen data onto the magnetic stripe on the back of the cards. The thieves were then able to purchase even higher-denomination prepaid credit cards, which were then used to buy electronics and other high-priced goods.

Nationwide Mutual Insurance – 1.1 million records

Attackers were able to steal customers’ names, Social Security numbers, driver’s license numbers, and birthdates from Nationwide and Allied Insurance systems. Concerns about class action lawsuits from customers who have had their data stolen are now becoming a driver for organizations to strengthen their security posture. Civil litigation may become an efficient deterrent to poor data protection.

Let’s hope that 2013 is a more secure year than 2012!!