2017 has been a transformative year for cybersecurity. What was once the interest of a few professionals is now at the front of mind for every consumer who hands over personal information online.
Because those who cannot remember the past are condemned to repeat it, let’s take a look back at the most impactful data breaches to see if there are any learnings we can bring with us into a new year.
A DoS attack was levelled at the bank. Such attacks are usually implemented to disrupt or completely take down a service, but this one came with no ransom or calling card. The attack led the bank’s IT security experts to methodically switch off services in different locations, which affected customers’ services for the next few days.
Mobile company Three experienced their second data breach in 2017. The quirky technical issue, flagged first by their customers, would display a different customer’s details to a customer logging in to Three’s online portal. In effect, customers had access to the complete details of another Three customer, at random. The issue is now cleared up.
UK payday lender Wonga discovered that the data and bank details of up to 270,000 of its current and former customers might have been compromised. The company recognised the breach and provided a premium-rate helpline alongside advising more concerned customers to change their passwords.
One of the download mirrors for the video converter software was compromised by malware. OSX.PROTON, a remote access Trojan, gave attackers access to users’ webcams, logged keystrokes, and allowed for the uploading and downloading of files and screenshots. The issue was caught quickly and rectified, with the company making an announcement on their blog as soon as the issue was discovered.
One of the biggest font sharing websites, DaFont, compromised its users with its outdated encryption methods. The theft of its users’ data was possible thanks to an SQL injection vulnerability, and the fact that the website was storing passwords with an outdated algorithm. 637,000 usernames, email addresses and passwords were compromised as a result.
Credit rating agency Equifax was arguably the victim of the year’s biggest data breach. Reported figures suggest that as many as 143 million customers could have had personal data stolen, and their efforts to rectify the situation were made worse by yet more failures and uncertainty on their website.
In what would become a series of leaks, hackers breached HBO’s servers, getting away with 1.5 terabytes of data on the cable network’s biggest show. The hackers levelled a $6.5 million ransom demand to stop the release of the stolen content, but HBO refused to negotiate.
The email marketing firm, or spam farm (depending on how you look at it), exposed its database of 1.37 billion email addresses thanks to a faulty backup. In January of this year the company made a backup of their database which was, somehow, accidentally published to the internet without any password protection.
Proving that cybersecurity means more than just computers, this data breach was the result of a lost USB stick. The unencrypted, unprotected stick was found in the street, and contained 76 folders with maps, videos, and other security arrangements at Heathrow, even including the Queen’s precise route when passing through the airport.