Over the last 12 months, a number of high profile data breaches have made headlines, exposing the personal information of millions. Here are some of the biggest security breaches that caught our attention, and what impact they had on the companies and victims involved.
In April 2013, the world’s largest document sharing website, Scribd, detected “suspicious activity” on their network. It appeared to be a deliberate attempt to access the email addresses and passwords of registered users.
While only 1% of users were affected, from a subscription base of 100 million users, that’s still one million users! In an effort to rectify the situation, Scribd emailed all customers affected, advising that they reset their passwords.
The incident follows a string of other security scares for document sharing providers, including Dropbox in 2012 and SharePoint in 2013. To better protect your documents in the cloud, remember to update your password regularly and, if sharing sensitive documents, use an enterprise-grade platform.
In February 2014, Apple released iOS 7.0.6 and Mac OS X 10.9.2 after a serious bug was discovered in its SSL/TLS authentication protocols.
Developers found a duplicated line of code, which meant that some transmitted data to and from iOS and OS X devices was not encrypted. Hackers exploiting this vulnerability could easily have staged “man in the middle” attacks, allowing them to intercept things like passwords and logins.
The additional code is suspected to have been in place since September 2012. Think of all the online banking, emails and Internet purchases you’ve made since then! Users are encouraged to update all of their Apple devices immediately.
On February 18 this year, the personal records of over 300,000 staff, students, and faculty members of the University of Maryland were compromised. An outside source gained access to a records database that held information dating back to 1998. Though no information was altered, it’s believed that social security numbers, names, dates of birth and university ID numbers were duplicated.
The breach is now under investigation by state and federal authorities, and U-Md plans to provide 12 months free credit monitoring to those affected. Staff, students and faculty members – both past and present – are encouraged to submit fraud alerts to their credit agencies.
In January 2014, Target confirmed it had been the victim of a security breach, with as many as 110 million customers affected. The breach is suspected to have taken place between Nov 27 – Dec 15 2013, and included the theft of 70 million names, home addresses, email addresses & phone numbers, and 40 million debit and credit card details.
Cyber security expert, Brian Krebs first reported the breach on December 18, 2013, however the public was only made aware of it in January. Target’s profits took a 46% hit after the announcement, with the company vowing to speed up its adoption of more secure payment technology.
On 24 March 2014, Trustmark National Bank and Green Bank (which issue MasterCard branded credit cards and debit cards), filed a lawsuit against Target, seeking damages for the expenses incurred cancelling and reissuing compromised cards, and for the absorption of fraudulent charges.
Between July 16 – October 30 2013, 1.1 million customers of Neiman Marcus were affected by a data breach of the retailer’s payment systems. Malicious malware was installed at in-store terminals, capturing the credit and debit card information of customers as they made purchases. MasterCard, Visa, and Discover confirmed that as many as 2,400 credit cards had been fraudulently used since the breach was discovered, though customers are not liable for the charges.
Following the announcement, Neiman Marcus’ share price dropped. The company is now offering 12 months free credit monitoring to affected shoppers. To reduce your risk of a retail fraud, ask your bank to issue you new credit & debit cards equipped with microchips.