UNDER ATTACK?

Data breaches: the top 10 of 2017, which one was the worst?

Data breaches: the top 10 of last year

We all know last year has been a struggling period for cybersecurity, just look at the incredible numbers of the ransomware phenomenon ( Petya as an example ). Hackers attacked a lot and a lot of data have been stolen. Attackers stole personal information, passwords,… anything valuable and in this article we try to count down the worst of the worst. No one wa safe, as testified by the Unicredit hack . The top 10 of the data breaches the world faced last year. Get ready, here we come!

Data breaches: 10. Accenture

Apparently, it happened that some Amazon Web Services S3 storage buckets were not safe because of Accenture. They left this material without any protection and it included information about secret API data, passwords, certifications, description keys and general information about customers. These servers were public, anyone could have downloaded this information without any particular effort.

Data breaches: 9. Carbon Black

DirectDefense (a security solution provider), during the month of August, dicovered an important weak spot. This vulnrability concerns Carbon Black, particularly its endpoint detection and response (EDR). The focus is on the multi-scanner service that Carbon Black uses to upload files. This is a third-party service that exposed thousands of sensitive data and documents on the security vendor’s customers.

[post-button]

Data breaches: 8. Deloitte

In September a report from the Guardian highlighted how a Deloitte server has been hacked. Hackers gained access to emails of the staff of the company and private information about customers in the top federal and private sectors. The company discovered the attack in March, but the attack took place in October/November of 2016.

Data breaches: 7. Cloudflare

Cloudflare in February:

“1 in every 3.3 million requests could have been leaked.”

This was said in February of last year, while the hacking included: PII data, passwords, encryption keys, HTTP POST bodies, HTTP cookies and HTTPS requests. What caused this leak? Edge servers that ran past ther buffer and returned memory which sensitive data in it. This was then cached by search engines.

Data breaches: 6. Republican National Committee Contractor

During last June another Amazon Web Services server was exposed. This repository was a property of a Republican National Committee Contractor – related firm (in terms of marketing). This leak led to the exposure of 200 million people voting data as well as personal information regarding voters such as names, addresses, dates of birth, phone numbers,…

[post-button]

Data breaches: 5. Dun and Bradstreet

During March of last year a Dun and Bradstreet database left exposed something like 33.7 million e-mail addresses. This database included several information such as job titles and functions, phone numbers, corporate intel. Moreover, thousands of data of At&T, Boeing, FedEx, Xerox, IBM and Dell employees were in the database as well as records of employees of the Department of Defense.

Data breaches: 4. US Securities and Exchange Commission

U.S Securities and Exchange Commission (SEC) disclosed some details about an intrusion of 2016. The problem was a vulnerability in the database filling application. In particular in a filling component of the EDGAR system. This weak spot allows users to obtain the visibility of publicly filed financial regulatory documents. SEC Chairman, Jay Clayton said:

“the introduction provided the basis for illicit gain through trading.”

[post-button]

Data breaches: 3. Uber

This specific data breach took place in 2016 but has only been disclosed in 2017. Hackers managed to gain access to more than 50 million accounts of riders and drivers. Company management paid the hackers a significant amount in order to not disclose the information about the data breach and delete all the stolen data.

Data breaches: 2. Verizon

As we approach the number one data breach, the danger grows. 14 million Verizon customers (around the 10% of the total subscribers) – the ones who called Verizon service line during a six months time frame – were affected.  PINs, names and numbers were part of the material exposed. This is some real evidence that supports the idea of switching to a cloud-based data protection practice.

Data breaches: 1. Equifax

Here we are to number one. Last September Equifax said that a huge data breach affected around 140 million customers on July 29. Basically, it was caused by a vulnerability in the US website app that granted the access to some files. The whole leak included names, Social Security numbers, addresses, birth dates, personal information documents and credit card numbers

[post-button]

How can I have the best protection available?

In order to assure to your business the best tool available, Swascan developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, if you need to understand the areas in which your efforts must focus, GDPR Self-Assessment, Vulnerability Assessment, Network Scan and Code Review are the right tools for you. Last but not least, don’t forget GDPR: our platform is 100% GDPR compliant ( GDPR infographic ).

Meltdown and Spectre: the new faces of cybersecurity
Records of processing activities
NAVIGATION
SWASCAN SRL

COMPANY SUBJECT TO THE MANAGEMENT
AND COORDINATION OF TINEXTA S.P.A.

Headquarters: Via Fabio Filzi, 2b
20063 Cernusco sul Naviglio MI - Italy

VAT: 09399680967

© 2017 - 2024 | Swascan Srl

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.