The Worst Data Breaches of 2016

The Worst Data Breaches of 2016

2016 has been quite an interesting year for cybersecurity. Not only was it among the most hotly debated issues in the Presidential election, but the industry itself has seen much activity, both good and bad. Efforts were made to shrink the cybersecurity skills gap,  there was a significant increase in common knowledge of various types of cyber-threats, and combating cyberbullying is set to be one of the main areas of focus for First Lady-elect, Melania Trump.

Despite this prosperity, however, there have been more ransomware attacks and data breaches affecting companies across all industries in 2016 than ever before. Among the most affected are technology, government, and healthcare, and this means that almost all of us could possibly have been touched by one data breach or another. Among the largest data breaches disclosed this year are the multiple Yahoo breaches, the numerous breaches within the healthcare industry, and there was even a breach on the country’s maritime defenders, the US Navy; Each of these has its own precious data that should have been protected. Here, we take a closer look at a few of 2016’s worst data breaches as well as what companies can do in the event they are attacked in the future.

Yahoo!

Breaking earlier this week was the news of yet another Yahoo data breach; only this time, it’s record-breaking. Over one billion (yes, billion with a ‘B’) accounts were compromised in this hack back in August of 2013. This news, coming on the heels of a different breach that affected over 500 million Yahoo users in 2014 (disclosed in September of this year), has turned many against the company, causing the public to discredit the company almost entirely, seeing as their lack of cyber defenses put over a billion of us at risk.

Not only did Yahoo put over 1.5 billion people’s data in the hands of cyber-criminals, but the type of data that was leaked is extremely private information. When asked about the 2013 data breach, Yahoo said, “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (an original string of data that is converted into a seemingly random string of characters) and, in some cases, encrypted or unencrypted security questions and answers.”

As though this isn’t bad enough, of those email accounts that were affected, over 150,000 came from FBI, CIA, White House, and other government and military employees. This means that this data breach has put not only the public’s personal information at risk, but also information related to our national security. “It’s a leak that could allow foreign intelligence services to identify employees and hack their personal and work accounts, posing a threat to national security,” a Bloomberg article noted on the Yahoo breach.

Yahoo plans to contact to those users who might have been affected in either of these breaches via email. The company also provides a help link to aid users in recognizing whether or not their accounts have been hacked. Yahoo says that if any of the following are true of your account, you should update your password and recovery information with them.

  • You’re not receiving any emails.
  • Your Yahoo Mail is sending spam to your contacts.
  • Your account info or settings were changed without your knowledge.
  • You see logins from unexpected locations on your recent activity page.

The Healthcare Industry

Healthcare was affected by cybersecurity threats heavily in 2016. Hospitals and other providers were the primary targets of ransomware threats and there were a significant amount of data breaches as well. Though no single breach came anywhere close to the number of infected users as the Yahoo breach, there were many breaches that resulted in the number of users infected adding up quickly.

The largest of these breaches was against Banner Health in Phoenix, Arizona, which impacted 3.62 million individuals. The breach happened over the months of June and July earlier this year. Banner Health discovered unusual activity on its computer servers in late June and found evidence of two attacks. In these attacks, hackers accessed both patient records and credit- and debit-card transaction records from customers who had purchased food and beverages at the hospital. They sent physical letters in the mail to their affected customers to notify them of the breach, but the center’s image took a serious hit after exposing so much of the Phoenix area’s data.

The most recent healthcare related data breach, that hit Quest Diagnostics earlier this month, only exposed 34,000 users. Even though this is a small number compared to some of the other breaches, there are tens of thousands of people whose information is now at risk. Because of this breach, as well as the build up of others in the medical field this year, cybersecurity professionals are devoting much of their work toward protecting the healthcare industry in the future.

U.S. Navy

As though it is not bad enough that the medical field has been so highly targeted by this type of attack, the U.S. Navy was hit by a data breach this year as well. Personal data for more than 134,000 sailors, past and present, was exposed in this breach, including names and social security numbers. The breach occurred because of an unsecured Hewlett Packard Enterprise (HPE) laptop. HPE told the US Navy that one of its laptops operated by a contractor had been “compromised,” however it didn’t provide any further information about how the breach.

Though The Naval Criminal Investigative Service claims that none of the exposed data has been used for any malicious purposes, it has been access by “unknown individuals,” so the Navy is taking this breach very seriously. Navy personnel boss Vice Adm. Robert Burke said in a statement”…this is a matter of trust for our sailors… We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.” Similarly to Yahoo, the Navy plans to email those who might have been affected by this breach in order to prevent any further damage from happening.

How to Avoid Data Breaches in 2017

IT professionals generally emphasize prevention when it comes to securing your company against threats in the cyber-realm, but there is a consensus among these professionals that it is not a matter of if your company will face a data breach, rather when.

Though this may sound ominously pessimistic, it doesn’t mean that you can’t prepare in some way to secure your company and its customers so that they survive the breach unscathed. There is not one single way that this can be accomplished, but by implementing the tips below, your company can fight back and protect its important data when hit with this inevitable hack.

  1. Breach acceptance–When it comes to data breaches, preventative measures have seldom worked in the passed, this is why it is important for companies to accept that a data breach is unavoidable. By accepting the breach, your organization can create a plan to handle this inevitable attack.
  2. Locate your critical data and encrypt it– Encryption of data makes it harder for cyber criminals to steal it. Figure out where your important data, such as names, social security numbers, bank account information, passwords, and other personally identifiable information (PII), is stored and make it as secure as you possibly can.
  3. Store and manage encryption keys– Keep keys secure, in a vault, away from any encrypted data. With these vital keys to your customers’ encrypted data, you need to protect them, so as people come and go from your organization, be cautious as to who you share this key with. Implement a process to limit, change, and revoke any keys from those who have access to them in order to better protect this data. Do not allow anyone to make copies of this sensitive information.
  4. Control user access– Determine who should and should not have access to your data. Implement strong authentication processes for those who you have approved access, so as to make it harder for cyber-crooks to gain access to your data.

Data breaches are going to happen, but by being prepared for when they do hit, your company can be protected. Not only will its client data be secure, but it can also save your company time, money, and prevent a blemish to its public image.

To stay up-to-date on recent data breaches across all industries, click here. To learn more about how Axiom Cyber Solutions can aid in your company’s preparations against data breaches, email us at info@axiomcyber.com.

Hailey R. Carlson | Axiom Cyber Solutions | 12/16/2016]]

About the Author