Cybersecurity Insight

Notable Breaches: The What, Why, and How to Avoid Them

13 Jan

Online breaches have become a significant part of the discussion about protecting consumer and organization data across multiple industries. From government groups to private companies and beyond, it seems like no one is safe from prying, anonymous hackers stationed around the world. We rounded up some of the more telling breaches, looking at how each came about and offering tips on avoiding them in the future.

Company: Scottrade
Industry: Financial

Scottrade faced an attack sometime in late 2013 to early 2014 in which hackers were able to access client names and addresses through the company’s website. Other sensitive information (email addresses, Social Security numbers, and more) could have easily been accessed and manipulated; however, the FBI concluded that the attackers were not interested in it, as their aim may have been to perpetrate stock scams. Remember that the attack originated in late 2013 to early 2014? Scottrade didn’t disclose the extent of the attack until October 1, 2015. The company waited at least one and a half years to inform its customers of the egregious breach and that their personal information may have been compromised.

Company: Patreon
Industry: Commercial

Patreon is a crowdfunding site connecting artists with their supporters in order to fund their next creative project. Unfortunately, the site’s data was dumped onto the Internet on October 1, 2015. The dump included the website’s source code along with email addresses, account passwords, and private conversations between users of the site. Over 2.3 million email addresses and 15GB of data were discovered by the watchdog site Have I Been Pwned?, and one of those addresses happened to be the founder’s contact information.

Company: T-Mobile
Industry: Telecommunications

T-Mobile’s case is an interesting one in that it isn’t just an unnamed individual or group from the depths of the Internet. From September 1, 2013 to September 16, 2015, data was stolen from one of the servers by an individual without authorized access; the breach was not even noted until September 15, 2015, over two years after the initial start point of the attacks. Interestingly enough, the data, which included names, Social Security and identification numbers, addresses, and dates of birth, was held by credit reporting agency Experian, which T-Mobile immediately blamed.

Despite spanning multiple industries and types of intrusions from outside sources, these three cases all have one major theme in common: delayed discovery of the breach and a failure to report it promptly to those affected. Scottrade took at least a year and a half, T-Mobile two years... you get the idea. A client of any company is giving away their most valuable asset, their distinguishing personal data, and when that data ends up in the wrong hands, their lives online or in person come to a screeching halt. Unfortunately, many companies fail to heed the very obvious about security and data breaches: it’s not a matter of if, but when. In order to sidestep the heartache and confusion of dealing with this unfortunate scenario, take the preventative next steps and invest in actionable threat intelligence before this happens to your organization’s critical data.