By Karin Zalcberg
Well, we have to say, thank the lord it' all over! The nightmarish cyber security incidents of 2017 have come to an abrupt close with the start of a new year and we are hoping we won't have to relive the biggest and baddest events that shook our faith and tried to shake our wallets. Just as a reminder of what happened, we have compiled a 2017 top ten list of the the disruptive hacks – here's to the memories!
With more and more business moving their business transactions and customer data fully or partially online, almost everyone is at risk of becoming an unwitting victim of a cyber-security breach. With 2017 now behind us, let's look forward to a safer cyber 2018.
- In no particular order, but starting with the worst, first, the Equifax breach that happened in September of 2017 definitely tops the list of epic cyber-attacks of 2017. This giant credit reporting agency had their servers hacked thanks to a weakness in their website software that went undetected for months. The end result of the attack was more than 140 million people with their personal data were exposed, including drivers' licenses and social security numbers.
Equifax didn’t do themselves any favors and drove public fear sky-high when they tried to assist by demanding social security details to check if accounts had been breached. They could have handled it better and cyber security experts feel we will be living with the fallout for years to come.
- Verizon, one of the leading communications company, found itself in a 2017 tough spot, after one of its vendors failed to prevent a breach that led to the leaked details of some 14 million subscribers.
The company issued an official response claiming that no information was actually stolen and that only a single person with no malicious intentions accessed the cloud storage area, but the report of the incident created nationwide panic and a breach in the public trust with far-reaching potential.
- SVR Tracking, a car tracking company based out of San Diego, made a cyber faux pas that exposed records and lifted the online invisibility for more than half a million online clients. Namely, a configuration error in the company’s backup database allowed access to third parties, making it possible to see customer names, license plate numbers, account IDs, encrypted passwords, and so on and so forth.
Following the report from a security company, SVR Tracking fixed the error, preventing any future unauthorized attempts.
- Sears Holdings, the parent company of Kmart, revealed that store payment systems were infected with a special type of malware that went undetected by the antivirus system. Although this was potentially a huge risk due to a number of possible victims, the investigation revealed that perpetrators were unable to obtain any sensitive customer information. However, the company issued a warning that some credit card numbers could have been compromised in the attack.
- A social learning network Edmodo was compromised by a hacker going under “nclay,” who obtained more than 77 million user accounts, later selling them on the Dark Web. Stolen passwords were hashed (encrypted), and it seems that hackers were not able to decrypt them in time to create any real damage, but the scale of the breach gives it a 'special' space on our list of cyber blunders.
- The IRS (shush, don't say their name too loudly or they may hear you), admitted to a potential breach that may have exposed the information of 100,000 taxpayers. To gain access, hackers used the IRS Data Retrieval tool, which was disabled after the attack. The IRS sent out personal notifications to those customers they believed were at risk, advising them on what steps to take to protect themselves from an identity theft.
- If you didn’t hear about WannaCry, then you slept through May and June 2017. This ransomware targeted computers running older Windows versions, basically most of them, locking down all the information, requiring users to pay in bitcoins to unlock the files. It is believed some 300,000 computers were affected altogether across various delicate industries (health care for example) and across multiple countries.
- Dun & Bradstreet, a business research and analytics company, had its marketing database leaked last year. As a result, 33 million corporate contacts were made available, including data such as names, phone numbers, and more, for the companies like Wal-mart, AT&T, and even the Defense Department.
- Although it happened in 2016, Uber only had the 'Uber"-bad fallout in the following year, revealing that information for 57 million customers was stolen. The company covered up the breach by paying hackers $100,000 and the whole thing remained a secret until the new CEO took over last year.
- Finally, just to slip a political cyber nightmare in the list, the Republican National Committee had accidentally exposed voting information for more than 198 million voters. The breach was made possible due to a misconfigured database, which allowed access to more than 1 terabyte of confidential data.