Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The 15 worst data security breaches of the 21st Century

Taylor Armerding | Feb. 17, 2012
Data security breaches happen daily in too many places at once to keep count.

Online forums and blogs are among the most popular targets of hackers. A group calling itself Gnosis claimed responsibility for the attack, saying it had been launched because of Gawker's "outright arrogance" toward the hacker community. "They're rarely secured to the same level as large, commercial websites," says the KNOS Project's Kevin McAleavey, who adds that the main problem was that Gawker stored passwords in a format that was very easy for hackers to understand. "Some users used the same passwords for email and Twitter, and it was only a matter of hours before hackers had hijacked their accounts and begun using them to send spam," says McAleavey.

10. Google/other Silicon Valley companies

Date: Mid-2009

Impact: Stolen intellectual property

In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network. It was first announced that China was trying to gather information on Chinese human rights activists. It's not known exactly what data was stolen from the American companies, but Google admitted that some of its intellectual property had been stolen and that it would soon cease operations in China. For users, the urgent message is that those who haven't recently updated their web browser should do so immediately.

11. VeriSign

Date: Throughout 2010

Impact: Undisclosed information stolen

Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it -- poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing. "How many times were they breached?" asks eIQnetworks' John Linkous. "What attack vectors were used? The short answer is: we don't know. And the response to that is simply: we should." "Nearly everyone will be hacked eventually," says Jon Callas, CTO for Entrust, in a post earlier this month on Help Net Security. "The measure of a company is how they respond." VeriSign said no critical systems such as the DNS servers or the certificate servers were compromised, but did say that, "access was gained to information on a small portion of our computers and servers." It has yet to report what the information stolen was and what impact it could have on the company or its customers. Linkous says the company's "failure to disclose until legally required to do so is going to haunt VeriSign for some time."

12. CardSystems Solutions

Date: June 2005

 

Previous Page  1  2  3  4  5  6  Next Page 

Sign up for MIS Asia eNewsletters.