SecurityWeek

5 of the Top Security Breaches of 2013

While 2013 is now behind us, the threat of security breaches is certainly not. 

Security failures can hit pocketbooks as well as the reputations of companies that experience them. But just as important, they can herald increased sophistication by attackers and a rockier cyber-threat landscape in the months to come. With this in mind, SecurityWeek has made a list and checked it twice: the most devastating security breaches of 2013.

In no particular order, here are some of the most serious security incidents that made the news in 2013.

1) Target: The latest publicized breach of the year was also one of the biggest, affecting as many as 40 million payment cards. According to Target, malware was discovered on some of the chain’s point-of-sale systems Dec. 15. Anyone who shopped at a Target store and used a credit or debit card between Nov. 27 and Dec. 15 should stay alert for suspicious activity. Last week, the store also confirmed that encrypted PIN data was removed, though Target believes that information is still safe because the encryption key necessary to decode the PIN information is not stored or accessed by Target. Besides consumer concerns, the breach touched off questions about why Target had not adopted EMV chip technology to better protect its customers.

2) Adobe Systems: Adobe was hit hard after news leaked out that attackers had accessed the encrypted credit card information of millions of customers and compromised the account information of millions more. The breach also involved the theft of source code for a number of the company’s products, including Adobe Acrobat, ColdFusion and ColdFusion Builder.  

3) Bit9: This hack actually is believed to have occurred in 2012. Bit9 CTO Harry Sverdlove explained in February 2013 that attackers used a SQL injection flaw to compromise an Internet-facing Web server roughly seven months prior, in July of 2012. This allowed them to access a virtual machine and steal a digital certificate, which the attackers then used to sign malware leveraged in other attacks. When the situation was discovered, the certificate was revoked.

4) Data Aggregators: A number of data aggregators were hit by hackers tied to an identity theft service called ssndob[dot]ms. Among the firms hit were LexisNexis, Dun & Bradstreet and Kroll Background America (now part of HireRight). The service allowed customers to look up the social security numbers, birthdays and personal data of various targets, many of whom were high-profile individuals and celebrities.

5) CorporateCarOnline: While not a household name, the attack on the firm made for a very popular news item after it was revealed that attackers made off with a plain-text archive with credit card numbers and other information from a number of celebrities, including Tom Hanks and Donald Trump. All told, 850,000 records were stolen in the incident.

Written By

Marketing professional with a background in journalism and a focus on IT security.
