Top 10 data breaches in 2016: bigger scale and more serious
Another year, another round of massive data breaches. Large-scale leaks occurred in 2015, but 2016 was even worse. Two of the year's breaches were the largest in history. There was also a large-scale, politically motivated hack of the Democratic National Committee, along with ongoing attacks on healthcare, point-of-sale technology and the federal government.
However, according to a study by Piper Jaffray, data breaches could mean increased security opportunities for partners. The agency found an 80.9% correlation between the number of data breaches and the growth in security company revenue. Revenue growth is usually seen two quarters after the time of the data breach.
2016 is coming to an end and all signs point to a new year of data breaches and security threats, with emerging threats surrounding the Internet of Things and others. But before these happen, let's review the major events that happened in 2016.
Although it did not affect the most people this year, a breach at HPE's services business discovered in October is particularly important for partners. In November, the US Navy announced that information on a laptop operated by an HPE services contractor had been accessed by "unknown individuals", including the names and social security numbers of more than 134,000 active and former Navy personnel.
"The U.S. Navy took the incident extremely seriously, which involved the credibility of the Navy," Robert Burke, the U.S. Navy personnel chief, said in a statement at the time. "We are conducting an initial investigation to quickly identify and address the impact of this leak."
21st Century Oncology
In March, 21st Century Oncology, a cancer care company based in Fort Myers, Florida, announced that it had suffered a data breach involving information on 2.2 million patients in 50 states and worldwide. A hacker broke into the company's database in October 2015 and accessed patients' personal information, including names, social security numbers, doctors' names, diagnoses, treatment data and insurance information. The company said, "There is no indication that this information has been abused in any way."
Web hosting service and website builder Weebly confirmed that a hack in October affected more than 43.5 million accounts, including user names, email addresses, passwords, and IP addresses. The incident affected user security and related websites. Weebly said it believed no credit card information had been misused after the breach.
In August, security reporter Brian Krebs reported that the computer systems of software giant Oracle had been hacked, and that hackers had broken directly into the company's Micros Systems credit card payment system (Oracle acquired Micros Systems for $5.3 billion in September 2014). Oracle Micros Systems is one of the top three POS systems in the world. Krebs reported that an organized cybercrime group in Russia, known for its intrusions into banks and retailers, appeared to be the attacker behind the incident, which affected hundreds of Oracle computer systems. Oracle confirmed that it had detected and resolved some malicious code in Micros Systems, saying that its corporate network, cloud and other services had not been affected. Oracle said at the time that it had implemented additional security measures for legacy Micros systems to prevent similar incidents from happening again. Oracle also required all Micros customers to change all their Micros account passwords.
6. National Fishing and Hunting License Site
In August, a hacker attacked fishing and hunting license sites in four states, gaining unauthorized access to 6 million records of personally identifiable information in Washington, Kentucky, Oregon, and Idaho. The person, who claims to be a hacker, goes by the name Mr. Hight. He disclosed the security vulnerabilities in these states' sites, which are said to have since been fixed. The leaked information includes names, dates of birth, addresses, social security numbers, height, weight, eye color, and some phone numbers and emails; the information leaked varies by state.
5. Verizon Enterprise Services
After a report by security reporter Brian Krebs in March, Verizon Enterprise Services announced that it had been the victim of a data breach that affected more than one million corporate customers. The incident allowed hackers to collect information on about 1.5 million corporate customers, including basic contact information. Verizon said customers' private network information or other data is currently being accessed by hackers. The root cause of the incident is not clear, but Verizon said that vulnerabilities had been found and fixed in the corporate client, and that hackers had used the hole to collect information. At the time, some partners said that the incident highlighted concerns about telecommunications providers, which hold a wide range of customer information and are therefore a very attractive target for hackers.
4. U.S. Department of Health and Human Services
In April, a laptop and a hard drive containing personal information were stolen from the Washington Child Support Enforcement Office (part of the U.S. Department of Health and Human Services). Police said at the time that the thief could have obtained the keys from a disgruntled former employee. The devices contained personal information for up to 5 million people, including social security numbers, dates of birth, addresses and phone numbers. The U.S. Department of Health and Human Services was heavily criticized for failing to be open about the incident and about the people who could be at risk. One year before the incident, information on more than 21 million federal employees and contractors was leaked from the Office of American Affairs.
In May, many users were reminded that they still had Myspace accounts when Myspace announced a data breach affecting 360 million accounts. In a blog post announcing the incident, Myspace said it had found that email addresses, usernames and passwords for accounts created before June 11, 2013 had been posted on a hacker forum. Myspace updated its platform in 2013, including strengthening account security. Myspace blamed the incident on the Russian hacker "Peace".
Myspace is not the only social media network that suffered a data breach this year. Tumblr announced that information from 65 million accounts, leaked in 2013, had been released. LinkedIn also announced the discovery of 117 million email and password combinations from a 2012 leak being sold publicly online. There are reports that Foursquare also suffered a data breach that affected 22.5 million customers, but the company denied this.
2. Democratic National Committee
As the presidential election campaign wound down this fall, thousands of emails leaked from the Democratic National Committee were published on WikiLeaks, damaging the Democrats and, reportedly, affecting the election results. In October, the US government stated that Russia was behind the intrusion into the Democratic National Committee to steal documents and e-mail. The CIA recently stated that intelligence showed that a considerable part of Russia's nation-state attacks were directed against the Democratic Party. The Obama administration said that Russian President Putin authorized these attacks and said that Republican candidate Trump, since elected president, was informed of. There have been reports that Russia also tried to attack the Republican National Committee, but that attack was less aggressive and did not penetrate the committee's systems. These attacks indicate that the impact of nation-state attacks on some of the most important US systems is on the rise.
Yahoo not only suffered the biggest data breach this year, but also accounts for both of the two largest leaks. In September, Yahoo announced that a data breach at the end of 2014 had affected more than 500 million user accounts. The incident exposed user account information including names, email addresses, phone numbers, dates of birth, hashed passwords, and some encrypted or unencrypted security questions and answers. Yahoo said it believed the incident was a nation-state attack. Just a few months later, in December, Yahoo announced a second, larger-scale attack that affected 1 billion user accounts.
The second data breach, which occurred in August 2013, was allegedly independent of the first. Unauthorized third parties stole data including names, email addresses, phone numbers, dates of birth, and hashed passwords. Yahoo said it may also include some encrypted and unencrypted security questions and answers. Yahoo said at the time that it had not yet figured out how the attackers had entered the system, but was working with law enforcement agencies to resolve the matter. Both data breaches can be considered the largest leaks in history, and they raised a question mark over Verizon's original plan to acquire Yahoo for $4.8 billion.