By Beth Watts
Dec 15, 2016
As a data security company, Jungle Disk regularly receives reports of cyberattacks. Since we offer data security products like encrypted backup and network protection, we commonly have conversations with customers about how they figured out that they were hacked and recommendations on how they can go about securing their business’ critical data. The goal is to do your best to ensure it never happens again or at least make sure your business’ data is protected. As 2016 comes to a close, it makes me wonder… what were some of the biggest data breaches this year? I did some research and found the top five data breaches from around the world that are important to be aware of.
Internal Revenue Service, February 9, 2016 - Early in the year, the Internal Revenue Service (IRS) announced that the data breach it discovered back in May 2015 was significantly bigger than originally thought. Back in May, the IRS said over 100,000 U.S. taxpayers had their personal information compromised when the agency’s “Get Transcript” system was hacked. However, in February 2016, that number was increased to over 500,000. The IRS thinks a Russia-based criminal operation is responsible for the data breach and that identities were stolen to file fraudulent tax returns in the future.
LinkedIn, May 17, 2016 - At LinkedIn, 117 million email and password combinations that were stolen by hackers four years ago popped back up online. At the time the breach occurred, affected members were told to reset their account passwords. That information was then made publicly available in May 2016. LinkedIn quickly invalidated the passwords of all LinkedIn accounts that were created before the 2012 breach and had not undergone a reset since the breach occurred. Fortune Magazine reported that a Russian hacker, who goes by “Peace,” was selling 117 million email and password combinations on a dark web marketplace.
Oracle, August 12, 2016 - Oracle, which owns the widely used MICROS point of sale (POS) system, became the victim of a data breach, which was announced to the public in August of 2016. Security expert Brian Krebs, who first reported the breach, said its size and scope were unclear but that a large Russian cybercrime group, the Carbanak gang, was likely to blame (the customer support portal was seen communicating with a server known to be used by that group) and that the group had placed malware on company computers and on the MICROS customer support portal to steal usernames and passwords. Many experts also agree the hackers may have planted malware in the MICROS POS and that they could be responsible for serious data breaches at retailers around the country.
Dropbox, August 30, 2016 - In 2012, Dropbox helped a small number of users secure their accounts after some usernames were stolen. At the end of August 2016, Motherboard reported that more than 68 million Dropbox users had their usernames and passwords compromised in that initial breach. As of now, it does not look like the accounts have been illegally accessed, and Dropbox prompted all users who had not reset their passwords since 2012 to make the change.
San Francisco Municipal Transportation Agency, November 25, 2016 - Most recently, San Francisco’s public railway system was infected with malware over Thanksgiving weekend, which locked kiosks and computers and resulted in two days of free rides for passengers. The system went back online on Sunday, November 27th. Fortune reached out to the hackers, who said it was not a targeted cyberattack. The breach was an automated, or “spray and pray,” attack, in which an automated system sends links to malware out to a large number of prospective victims. Allegedly, an IT administrator at the transportation agency clicked on the link and unknowingly downloaded the malware files. In a stroke of irony, the hacker responsible for the extortion attempt got hacked himself shortly thereafter. Apparently, another hacker was able to guess his email security questions to get into his email and identify other bitcoin wallets he was affiliated with.
While 2016 was the year of ransomware, we hope you and your business protect your critical data by implementing the proper tools and products to help you keep a vigilant online presence in 2017. Cheers to keeping your data safe in the New Year!