The Top 10 Data Breaches

Written on February 11, 2008 by Jerson

Stolen hard drives, websites infected with malware and Social Security numbers as passwords – the most brilliant lunacy of a year full of security disclosures.

10. Monster.com — New Job Posting on Monster.com: CISO for Monster.com?
Victims: 1.3 million
Class Action Outrage Scale: 9 out of 10 lawyers

Hackers allegedly stole legitimate credentials from Monster’s job-seekers to plant malware on the site and execute a phishing scheme. Later we come to learn Monster waited five days to inform customers. When it did, the disclosure letter sounded like a legal CYA, referring to Monster as “The Company” and constantly reminding victims that this kind of thing happens to companies all the time. The news hit right after Monster reported lower-than-expected earnings and planned layoffs. Ouch!

9. Commerce Bank of Wichita, Kansas — Now That’s Just Showing Off
Victims: 20
Class Action Outrage Scale: 0 out of 10 lawyers

So Commerce discloses that a hacker gained access to a customer database, but that the bad guys only managed to ascertain 20 personal records. “The hacking was quickly detected and stopped, according to the bank,” noted one news story. Twenty records? Anyone else get the sense this is some marketing scheme? You know, set up a breach and stop it quickly to show how effective your security is? PR Genius!

8. Indianapolis Power and Light — Keeping the Lights on a Little Too Long Maybe
Victims: 3,000
Class Action Outrage Scale: 4 out of 10 lawyers

Names, addresses and Social Security numbers of 3,000 Indianapolis Power and Light customers were inadvertently posted online … for up to four years. Of course, a power outage would have solved the problem.

7. TSA — Doing DHS Proud!
Victims: 3,930
Class Action Outrage Scale: 7 out of 10 lawyers

Two laptops with names, addresses, birthdays, Social Security numbers and commercial driver’s license numbers of truckers who transport hazardous materials are missing and considered stolen from TSA. Don’t worry, though. How easy could it be to pose as a commercial truck driver transporting hazardous materials with only that information?

6. Shaw’s Supermarket — ‘What Should We Use for Passwords? Oh, I Know!’
Victims: 472 store employees
Class Action Outrage Scale: 2 out of 10 lawyers

First, an “individual entered a secure area of the … store and stole a desktop computer,” according to a disclosure letter from the Salem, N.H., store. Doesn’t the fact that a person entered and stole something make it, um, a not secure area of the store? But hey, it was just a training computer. Well … there is this: “The store associates log on to this system by using their Social Security numbers as passwords.” Probably because bank account numbers are too hard to remember.

via [CSOOnline]
