Top Ten Embarrassing Data Breach Events

Tuesday, April 05, 2011


As the Epsilon data breach continues to grow to epic proportions, with the latest reports estimating that the client data of at least fifty major companies has been compromised, Tom Brewster of ITPro has published an article with his list of the top ten most embarrassing data breaches to date.

The ensemble does not necessarily show the biggest breaches ever recorded, but instead examines those that tended to leave the egos of the victims particularly bruised.

The following is a brief summary of Brewster's picks:

1. WikiLeaks: The US Government was left looking silly simply because it let the various pieces of classified information escape its grasp. It was astonishing such data could get out, allegedly through one person’s actions. However the breach happened – it surely wasn’t as simple as someone downloading data to a CD and then walking out of Government buildings – it provided plenty of potentially damaging information for everyone to get hold of...

2. Epic HMRC Breach: The breach at HM Revenue and Customs (HMRC) in 2007 was one of the most significant in the history of the UK. Many have seen it as a watershed moment in the security industry. Two disks went missing containing personal and banking data of 25 million people, leading to the resignation of HMRC head Paul Gray. It was the ultimate data boo-boo...

3. HBGary vs. Anonymous: It was when Anonymous started leaking tens of thousands of emails from the firm that the embarrassment levels went up a notch. No one likes to see their dirty laundry aired in public, but that’s what happened. Details emerged on how HBGary worked with Government bodies in the US, showing how they had created malware and rootkits. Nothing truly awful emerged, but it was bad enough that the firm had its private conversations revealed to the world...

4. RSA recent, Mention Kaspersky: We saw last year the impact a hack on a Kaspersky website had. In that case, hackers exploited a vulnerability in a third party app used for website admin. Just last month, though, a much more serious hack led to a rather significant data breach. When RSA, the security arm of EMC, had its servers hacked, data on its two-factor authentication product SecurID was compromised...

5. Goatse vs. AT&T: The hackers from Goatse Security, who claimed they were only trying to expose flaws on AT&T’s side, exploited holes in AT&T servers to siphon off personal info of around 114,000 customers. Among the possible victims were celebrities, business executives and government officials, including New York City Mayor Michael Bloomberg...

6. ACS:Law: Privacy International claimed ACS:Law breached the Data Protection Act by allowing an archive containing sensitive data to be stored on a public facing web server, and the ICO said it was going to investigate. The breach was another nail in the coffin for the law firm, which has now folded altogether...

7. English Defence League Hack: An EDL database was hacked and members’ information was stolen by a group known as the Mujahideen Hacking Unit... The hack may have been inspired by the EDL's involvement in the furore surrounding the Koran-burning American preacher Pastor Terry Jones...

8. BNP Breach: It was another disaffected employee who embarrassed the British National Party back in 2008 when they published a membership list online. Following the leak by an ex-senior member of the party, members of the controversial political group said they received threatening and abusive phone calls and emails...

9. Shell Emails Data to Opponents: A database containing contact details of 170,000 workers of oil giant Royal Dutch Shell was emailed to campaigning groups opposed to the company’s activities. As for how the data was leaked, it was thought to be the work of a disgruntled insider – a threat all businesses need to look out for...

10. First ICO Fines: Hertfordshire County Council and employment services company A4e - Admittedly, their errors were fairly shaming in themselves. The council was reprimanded for two serious incidents when employees faxed highly sensitive personal information to the wrong recipients. A4e had an unencrypted laptop stolen, which contained personal data on 24,000 people...

For more details on each of the breach events listed, as well as links to articles posted when the news of each broke, see Brewster's full article at ITPro:

Source:  http://www.itpro.co.uk/632452/top-10-most-embarrassing-data-breaches
