Thursday 26 March 2015

Data Security Breaches - Throwback Thursday

We take a look back at 2014's most infamous data security breaches:


Morrison’s supermarket (2014) An insider attack; the attacker published details of the firm’s entire workforce database online, 100,000 employees in all. An employee was eventually arrested for the incident and will presumably come to court at some point, which could reveal more details of how the firm’s security was bypassed.
Staffordshire University (2014) The laptop scenario (which happens more than you think), which involved the details of 125,000 students and applicants held on a computer stolen from a car. The files had been password-protected, said the University... That wouldn't have been much of a barrier to the name, address, telephone number and email data.
Mumsnet (2014) Victim of the Heartbleed SSL software flaw, the compromise allowed hackers to access anything up to 1.5 million user accounts on the hugely popular site, its owners revealed. Although the data inside these accounts was less sensitive than for some of the other accounts, the hack revealed both the potency of big but undiscovered software issues affecting multiple sites and that even big brands could be affected.
Think W3 Limited (2014) A serious attack in which a hacker was able to get his or her hands on 1,163,996 credit and debit card records from online holiday firm Think W3 by using an SQL injection attack to exploit a weakness on its website. The ICO described the incident as a “staggering lapse” and fined it £150,000.
Moonpig (2015) Another biggie: a software flaw in the firm’s Android app let a researcher access the records of any Moonpig account holder he tried, in theory compromising a total of three million people. Just as serious, the researcher had reported the issue to the firm 18 months before going public in early 2015, after receiving an inadequate response. Significant partly because it involved a mobile app rather than the more common website breach.
How do you go about reviewing/testing your IT Security?
