While 2013 is now behind us, the threat of security breaches is certainly not.
Security failures can hit pocketbooks as well as the reputations of companies that experience them. But just as important, they can herald increased sophistication by attackers and a rockier cyber-threat landscape in the months to come. With this in mind, SecurityWeek has made a list and checked it twice: the most devastating security breaches of 2013.
In no particular order, here are some of the most serious security incidents that made the news in 2013.
1) Target: The latest publicized breach of the year was also one of the biggest, affecting as many as 40 million payment cards. According to Target, malware was discovered on some of the chain’s point-of-sale systems Dec. 15. Anyone who shopped at a Target store and used a credit or debit card between Nov. 27 and Dec. 15 should stay alert for suspicious activity. Last week, the store also confirmed that encrypted PIN data was removed, though Target believes that information is still safe because the encryption key necessary to decode the PIN information is not stored or accessed by Target. Besides consumers concerns, the breach touched off questions about why Target had not adopted EMV chip technology to better protect its customers.
2) Adobe Systems: Adobe was hit hard after news leaked out that attackers had accessed the encrypted credit card information of millions of customers and compromised the account information of millions more. The breach also involved the theft of source code for a number of the company’s products, including Adobe Acrobat, ColdFusion and ColdFusion Builder.
3) Bit9: This hack actually is believed to have occurred in 2012. Bit9 CTO Harry Sverdlove explained in February 2013 that attackers used a SQL injection flaw to compromise an Internet-facing Web server in roughly seven months prior in July of 2012. This allowed them to access a virtual machine and steal a digital certificate, which was then used by the attackers used to sign malware leveraged in other attacks. When the situation was discovered, the certificate was revoked.
4) Data Aggregators: A number of data aggregators were hit by hackers tied to an identity theft service called ssndob[dot]ms. Among the firms that were hit were: LexisNexis, Dun & Bradstreet and Kroll Background America (now part of HireRight). The service allowed customers to look up the social security numbers, birthdays and personal data of various targets, many of whom were high-profile individuals and celebrities.
5) CorporateCarOnline: While not a household name, the attack on the firm made for a very popular news item after it was revealed that attackers made off with a plain-text archive with credit card numbers and other information from a number of celebrities, including Tom Hanks and Donald Trump. All totaled, 850,000 records were stolen in the incident.
Related Reading: Don’t Focus on Predictions: What are Your 2014 IT Security Resolutions?
