,

The Scariest Data Breaches of the Last 10 Years

 

  • Up until April 2019, 540 million Facebook users’ data was up for grabs. Thankfully the insecure data was removed from unprotected cloud servers when it was discovered by Bloomberg.  The insecure data included account names, IDs, and details about comments and reactions to posts.

  • First American left 885 million documents exposed on the web for years.  They were finally notified of the data exposure in May 2019 and immediately took the records down. Social security numbers, tax documents, and personal information was exposed in this breach.

  • In 2019, Dubsmash made a statement that almost 162 million users’ account holder names, email addresses, and hashed passwords were hacked. The data thieves posted the breached information on the dark web in February 2019.

  • Also in 2019, a hacker gained access to Zynga’s, a popular mobile game producer, customer account log-in information. The hackers not only gained access to log-in credentials but also usernames, email addresses, log-in IDs, some Facebook IDs, some phone numbers, and Zynga account IDs of about 218 million customers.  

  • In 2018, Under Armour had a data breach that affected 150 million users of the company’s mobile app, MyFitnessPal. Hackers stole usernames, passwords, and associated email addresses.  After the hack, the company’s stock plummeted.

  •  2018 was a busy year for hackers. Marketing and data aggregation firm Exactis, exposed 340 million records by building their database on a nonsecure server.  Almost 2 terabytes worth of data was exposed including email addresses, home addresses, phone numbers, and other personal information.

  • Also in 2018, Marriott (Starwood) hotels were hacked and over 300 million people who stayed at the property had their names, addresses, contact information, and passport numbers compromised. 

  • Last but certainly not least in 2018, Veeam, a data management firm, mishandled customer data. For 10 days “marketing databases [were] mistakenly left visible to unauthorized third parties”.  About 445 million records were exposed in this breach.

  • In March of 2017 River City Media, an email marketing company leaked 1.4 billion records.  While configuring a backup the company accidentally put their entire database online. 

  • In June of  2017, Deep Root Analytics, a conservative marketing firm, was hired by the Republican National Committee.  Unfortunately, Deep Roots did not keep voter information secure and voter information for 198 million Americans was publicly accessible.

  • In September of 2017, one of the largest data breaches in history hit Equifax.  Around 147 million consumers were affected (nearly 56% of Americans). Personal information such as names, social security numbers, birth dates, addresses, and numbers of some driver’s licenses was hacked from Equifax.

  • In 2016, Yahoo had the largest data breach in history.  Yahoo was the victim of multiple attacks that ended up exposing the names, email addresses, telephone numbers, and dates of birth of over a billion people.

  • Additionally, in 2016, a data breach compromised more than 412 million accounts from a network of mature-content sites. Some of the sites included AdultFriendFinder.com, Cams.com, iCams.com, Stripshow.com, and Penthouse.com.

  • In 2014, login credentials for 145 million users of eBay were stolen. Although the company wasn’t sure how many people were affected in all, eBay still chose to warn 145 million of its users to change their login credentials.

  • In 2013, Target went through a data breach that exposed 40 million credit and debit card accounts. According to cybersecurity guru Brian Krebs, Target got hacked after a third-party heating and air conditioning contractor working for Target was compromised.

  • Also in 2013, Adobe had 152 million records stolen in a data breach. Adobe declared at first that 3 million accounts were affected and later updated that number to 38 million.  The final count came from a database dump with over 150 million breached records.

 

Don’t let these data breaches just spook you. Take action to protect your data. Fibernet offers managed IT services that will help prevent these embarrassing data breaches.  Check out our managed IT services today!

 

/by
,

10 Do’s and Don’ts of Cybersecurity for Small Businesses

The best way to avoid cyberattacks is to be prepared. Small businesses are especially at risk of attack because they are like low-hanging fruit to hackers – the most vulnerable, with the least amount of security policies and practices implemented. A little prevention will save you a lot of headaches and money in the long run. 

1. Avoid phishing scams through email

Phishing is quite common. It is the practice of sending fraudulent emails professing to be a reputable person or company. For instance, a hacker might send you an email posing as a coworker. The email appears to be legitimate but it’s not. Often the perpetrator is trying to glean personal information like passwords, employee data, company credentials, or even credit card numbers.

It’s important to screen all your emails before clicking on any links or responding to them. Don’t click on links or open attachments unless you are certain about who the sender is. If it seems questionable, forward it to your IT team for them to investigate it.

2.  Avoid malware and ransomware through a virus

Viruses can infect your computer through either email or a download from the internet. Working remotely has increased the likelihood of infecting your computer with malware or ransom because those who previously worked closely with a team are now physically distanced with less communication between coworkers. You need to have a strong anti-virus strategy in place to safeguard against the potential threat. 

This is also why it’s also important to have a backup system in place. Back-ups are your plan B when your organization’s data infrastructure is eventually compromised with malware or ransomware. They provide your organization with assurance of data security and integrity.

3. Use Strong Passwords

Don’t underestimate the strength of a good password.  Although often overlooked, a good password is a first step in protecting your system. A strong password would be at least 12 to 15 characters in length and include capital and lowercase letters, and numbers. Use a new password that is long and hard to break for each of your password-protected sites. 

You can keep all these passwords securely in a password-protected keeper service.  You will only need to remember the password to enter your vault.

4. Be sure to train your employees

Your employees are your front-line defense against cybercriminals. It’s important to have them well-trained on how to spot a cyber threat. Enroll your employees in cybersecurity training, or create and regularly conduct your own training specific to your organization. There are certain trainings that are required by the industry such as PCI training requirements.       

5. Keep all your software up-to-date

Hackers are looking for holes in your software’s programming code that will allow them to infiltrate your network. Developers are continually updating their code to provide “patches” for these holes. It’s important to keep your devices up-to-date with the most current patches.  

6. Back up everything, all the time

In the best-case scenario, you need to have three copies of all your data:  the original, a backup for yourself, and an offsite copy. There are many off-site backup options that will monitor your data for changes and automatically update as changes occur. External hard drives, a separate computer, or a flash drive are all ways you can also back up your data.            

7. Become a limited user

You want to become a limited user on your computer instead of an administrator.  Administrators have the authority to install and remove software. This means if you innocently stumbled across a website that has malware on it, the malware could instantly go to work infecting your computer. “However, if you’re not your computer’s administrator, the malware won’t work. Why? Because only the administrator has the authority to make changes to your system’s software.”

8. Don’t solely rely on antivirus programs to protect you.

Antivirus programs may provide you with a false sense of security. They can’t keep up with all the threats out there. They can provide warnings and even block some malware or attacks.  Be sure to update them regularly.   

9. Don’t trust anyone.  Always think before you act.

Hackers will use your friends, family, or business to lull you away into a false sense of security. Before you click on a link or attachment from a friend take a moment to consider whether you’re expecting an email from them. Remember never to give out your account number or password.

10. Don’t become complacent about cybersecurity

Hackers are banking on you letting your guard down. Stay vigilant and assume you’re always under attack from outside threats.

 

/by