October is National Cybersecurity Awareness Month, and what better way to heighten everyone’s awareness of the perils of lax security than to reminisce about some of history’s biggest blunders. We’ve scoured the history books, and graded the most catastrophic breaches in the past ten years, to decide the top five hacks that take the cake. Without further ado, here’s number five.
For over a month hackers had access to the personal client data of the second largest insurance company in the US. The cyber attack exposed the complete profiles of current and former customers, including names, addresses, and social insurance numbers. Though it is unknown exactly how many clients were impacted, it is estimated that data of at least 78.8 million individuals were accessed. No financial or credit card information was stolen, however, the number of individuals impacted and the fraudulent behavior made possible by the type of data acquired gets this on the list. The attack is said to have happened as a result of a clicked link in a phishing email. Attackers showed an understanding of the data platform, and used valid admin login credentials to access the database.
Sony’s PlayStation Network was successfully targeted in 2011. The hackers made away with login credentials and personal information of all 77 million users impacted, including names, addresses, emails, and date of birth. It is unknown how many users’ credit card data was also compromised, but it is thought to be over 12,000, though in an encrypted form. As a result of the hack, the PlayStation Network was down for 23 days, $15 million was paid out to those compromised in the attack, and Identity theft insurance policies were provided to users. Full details of how the breach occurred was not public because it was subject of an on-going criminal investigation, though Sony has said that they believe they have identified how it happened.
In 2017 hackers gained access to the credit-reporting agency’s database, compromising names, social security numbers, dates of birth, addresses, and for some, drivers licenses number. Though initially reported to have impacted 143 million individuals, the number was later corrected to 148 million. In addition to this, approximately 209,000 credit card numbers were also stolen. The breach was a result of outdated software on an Internet-facing web server, which allowed the attackers to make 9,000 queries and ultimately gain entry to a database that included the credentials necessary to access other databases.
The attack began in 2014, but was only discovered in 2018. While the extent of the hack is unknown, it is thought to have compromised the personal information of approximately 500 million individuals (name, contact information and passport numbers), and the credit card numbers and expiration dates of over 100 million customers. The attack targeted Starwood Hotels, which was later acquired by Marriott in 2016. Marriott revealed that the hackers accessed a guest reservation database of Starwood, but hasn’t disclosed exactly how access was gained.
In 2013 Yahoo was victim to the largest hack to date. Though initially it was reported that a mere 23 million accounts had been compromised in the event, the company later admitted that all 3 billion users at the time had been impacted. Though no personal or financial data was acquired, the sheer number of individuals impacted brings this to the top of the list. Notwithstanding the 2013 event, this hadn’t been the company’s first or last experience with cyber criminals. In 2012, hackers stole 200 million usernames and passwords, and in 2014 a separate attack compromised information of 500 million accounts. In 2016 data from these hacks went on sale on the dark web, and a complete copy of the data set has been sold to at least three buyers for roughly $300,000. It is unknown what method attackers used in the 2013 data breach.
The Role of the MSP
When some of the largest companies in the world with multimillion dollar cybersecurity budgets are falling victim to the actions of cybercriminals, it emphasizes that cybersecurity is multi-faceted, complex, and the level of security is not always correlated to the amount of money thrown at the issue. Whether it’s social engineering or technical prowess that breaks through IT defences, the only certainty is that the blame will fall on one entity. As we’ve seen in recent attacks, this entity can be an MSP. Though this may be true, the responsibility to keep one’s guard up is on everyone; including the client or customer.
We’ve put every effort into making IT Glue as secure as possible and are always looking for innovative ways to make it even more ironclad (hint: there’s new stuff landing soon). With MyGlue, you can even extend to your clients the security and peace of mind that you enjoy. Further to this, with our automated network documentation and diagramming tool, Network Glue, you can supercharge your clients’ networks through the integration with third party tools, such as RapidFire Tools’ Network Detective.
IT Glue’s award-winning documentation platform allows for efficient storage and retrieval of all the documentation that managed service providers need to increase efficiency. To learn more about IT Glue, sign up for a demo today!