Sales
0161 215 3814
0800 953 0642
Support
0800 230 0032
0161 215 3711

2017: A Year In Cybersecurity Breaches

2017 has been a transformative year for cybersecurity. What was once the interest of a few professionals is now at the front of mind for every consumer who hands over personal information online.

Because those who cannot remember the past are condemned to repeat it, let’s take a look back at the most impactful data breaches to see if there are any learnings we can bring with us into a new year.

2017_cybersec_breach

2017

11 January
LLoyds Bank

A DoS attack was levelled at the bank, usually implemented to disrupt or completely take down a service, but this attack came with no ransom or calling card. This DoS attack lead the bank’s IT security experts to methodically switch off services in different locations, which affected customer’s services for the next few days.

20th March
Three

Mobile company Three experienced their second data breach in 2017. The quirky technical issue, flagged first by their customers, would display a different customer’s details when logging in to Three’s online portal. In effect, customers had access to the complete details of another Three customer’s data, at random. The issue is now cleared up.

9th April
Wonga

UK payday lender Wonga discovered that the data and bank details of up to 270,000 of its current and former customers might have been compromised. The company recognised the breach and provided a premium-rate helpline alongside advising more concerned customers to change their passwords.

2nd May
Handbrake Video Converter

One of the download mirrors for the video converter software was compromised by malware. OSX.PROTON, a remote access Trojan, allowed attackers access to users webcam, logged keystrokes and allowed for the uploading and downloading of files and screenshots.  The issue was caught quickly and rectified, with the company making an announcement on their blog as soon as the issue was discovered.

19th May
DaFont.com

One of the biggest font sharing websites, DaFont compromised its users with its outdated encryption methods. The theft of its users data was possible thanks to an SQL injection vulnerability, and the fact that the website was storing passwords with an outdated algorithm. 637,000 usernames, email addresses and passwords were compromised as a result.

29th July
Equifax

Credit rating agency Equifax was arguably the victim of the year’s biggest data breach. Reported figures suggest that as many as 143 million customers could have had personal data stolen, and their efforts to rectify the situation were made worse by yet more failures and uncertainty on their website.

31st July
HBO and Game of Thrones

In what would become a series of leaks, hackers breached HBOs servers, getting away with 1.5 terabytes of data on the cable network’s biggest show. Hackers levelled a $6.5 million ransom to stop release of the stolen content, but HBO refused to negotiate with the demands.

1st September
River City Media

The email marketing firm, or spam farm (depending on how you look at it) exposed its database of 1.37 billion email addresses thanks to a faulty backup. In January of this year the company made a backup of their database which was, somehow, accidentally published to the internet without any password protection.

28th October
Heathrow Airport

Proving that cybersecurity means more than just computers, this data breach was the result of a lost USB stick. The unencrypted, unprotected stick was found in the street, and contained 76 folders with maps, videos, and other security arrangements at Heathrow, even including the Queen’s precise route when passing through the airport.

2018?

UKFast webinar

Webinar: Cybersecurity Predictions for 2018

What cybersecurity concerns can we predict for 2018 and how should you prepare your business accordingly? Sign up now to hear from the experts.

Date:Wednesday 6th December
Time: 11am
Duration: 1 hour

Register Now

Share with: