5 of the Top Security Breaches of 2013

While 2013 is now behind us, the threat of security breaches is certainly not. 

Security failures can hit pocketbooks as well as the reputations of companies that experience them. But just as important, they can herald increased sophistication by attackers and a rockier cyber-threat landscape in the months to come. With this in mind, SecurityWeek has made a list and checked it twice: the most devastating security breaches of 2013.

In no particular order, here are some of the most serious security incidents that made the news in 2013.

1) Target: The latest publicized breach of the year was also one of the biggest, affecting as many as 40 million payment cards. According to Target, malware was discovered on some of the chain’s point-of-sale systems Dec. 15. Anyone who shopped at a Target store and used a credit or debit card between Nov. 27 and Dec. 15 should stay alert for suspicious activity. Last week, the store also confirmed that encrypted PIN data was removed, though Target believes that information is still safe because the encryption key necessary to decode the PIN information is not stored or accessed by Target. Besides consumer concerns, the breach touched off questions about why Target had not adopted EMV chip technology to better protect its customers.

2) Adobe Systems: Adobe was hit hard after news leaked out that attackers had accessed the encrypted credit card information of millions of customers and compromised the account information of millions more. The breach also involved the theft of source code for a number of the company’s products, including Adobe Acrobat, ColdFusion and ColdFusion Builder.  

3) Bit9: This hack is actually believed to have occurred in 2012. Bit9 CTO Harry Sverdlove explained in February 2013 that attackers used a SQL injection flaw to compromise an Internet-facing Web server roughly seven months prior, in July of 2012. This allowed them to access a virtual machine and steal a digital certificate, which the attackers then used to sign malware leveraged in other attacks. When the situation was discovered, the certificate was revoked.

4) Data Aggregators: A number of data aggregators were hit by hackers tied to an identity theft service called ssndob[dot]ms. Among the firms hit were LexisNexis, Dun & Bradstreet and Kroll Background America (now part of HireRight). The service allowed customers to look up the social security numbers, birthdays and personal data of various targets, many of whom were high-profile individuals and celebrities.

5) CorporateCarOnline: While not a household name, the attack on the firm made for a very popular news item after it was revealed that attackers made off with a plain-text archive with credit card numbers and other information from a number of celebrities, including Tom Hanks and Donald Trump. All totaled, 850,000 records were stolen in the incident.

Written By

Marketing professional with a background in journalism and a focus on IT security.
