Top Ten Data Security Breaches

Monday, March 14, 2011


Jake Widman of InformationWeek has assembled a nice list of the biggest and most costly data security breaches over the last few years.

The list covers data loss events from retail, corporate, and government entities - and thankfully does not include the WikiLeaks release of classified diplomatic cables.

In most of the listed events, the loss could have been prevented at some point. That makes a periodic review of these data security breaches a useful reminder of how easy it can be to make history for all the wrong reasons.

A summary of Widman's list is as follows:

TJX, T.J. Maxx, And Marshalls: In February 2007, TJX, parent company of discount stores T.J. Maxx and Marshalls, disclosed that thieves had stolen information on possibly tens of millions of credit and debit cards...

CardSystems Solutions: In June 2005, MasterCard announced that up to 40 million credit card holders were at risk of having their data stolen -- and 200,000 definitely had -- because of a Trojan on the computers of a credit card processing company. The processor, CardSystems Solutions, had improperly stored the card data, unencrypted...

Heartland Payment Systems: Heartland was a credit card payment processor for more than 250,000 businesses in 2009, when the company revealed that tens of millions of transactions might have been compromised. The company's computers were infected with malware that passed the information on to outsiders...

Bank Of New York Mellon: In February 2008, the company sent 10 unencrypted backup tapes to a storage facility. When the storage firm's truck arrived at the facility, however, only nine tapes were still on board. The missing tape contained social security numbers and bank account information on 4.5 million customers...

Hannaford Brothers: The Maine-based grocery store chain Hannaford Brothers announced in March 2008 that hackers had gained access to more than 4.2 million credit card transactions. By the time word got out, more than 1,800 of the credit card numbers had already been used...

HM Revenue & Customs: News broke in November 2007 that two computer discs holding personal information on 25 million British citizens -- all UK families with children under 16 -- had been lost in the mail. The data included the families' names, addresses, National Insurance number, and in some cases bank information...

U.S. Department Of Veterans Affairs: In 2009, the Department of Veterans Affairs was having trouble with one of the hard drives in a database RAID array. Unfortunately, it neglected to erase the unencrypted data on the disc. When the contractor was unable to repair the disc, they simply recycled it, leaving the personal information for some 76 million veterans accessible to whoever next got the disc. ...

Certegy: Certegy Check Services, a subsidiary of Fidelity National Information Service, revealed in 2007 that one of its employees had been stealing customer records and selling them to a data broker. The records included credit card, bank account, and other personal information, and Certegy estimated the breach affected 8.5 million customers...

Oklahoma Department Of Human Services: Somebody at the Oklahoma Department of Human Services left the office in April 2009 with a laptop containing unencrypted client records. They left the laptop in their car, someone broke into the car, and the names, social security numbers, and other sensitive information on about a million Oklahomans went missing...

Health Net: In May 2009, the Connecticut health care provider Health Net reported that an unencrypted portable storage device was missing, containing seven years' worth of financial and medical information on 1.5 million customers...

For the complete details, including reference links to news sources from when the events occurred, see Widman's article at InformationWeek:

Source:  http://www.informationweek.com/news/galleries/security/attacks/showArticle.jhtml?articleID=229300675&pgno=1&isPrev=

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
