5 Internet Leaks that Shook the World in 2015
LTN revisited some of the hacks that may have gotten your data stolen this year and got experts to weigh in.
Ian Lopez, Legaltech News
Through e-commerce or social media or merely breathing, your information is everywhere. And, if the right steps are taken, virtually anyone can access it. As the years go on, the abilities of hackers only get better as the world’s biggest organizations and agencies struggle to keep pace, leaving doors open for breaches that seem to get both bigger and more devastating.
Legaltech News decided to take a look at some of the biggest, most jarring breaches that we’ve seen all year. Suffice to say, there wasn’t a shortage of instances to choose from – one estimate places the number of breaches this year at 750, among which nearly 200 million records were compromised. Among these instances, everything from financial information to health records were vulnerable, the data from which, according to experts, can be used for extortion, identity theft or resale on a lucrative black market.
In a conversation with Legaltech News, Ed Cabrera, TrendMicro vice president of cybersecurity strategy, discussed the increasing amounts of data breaches.
“Successful cyber attacks have steadily increased over the last 10 years,” he said. “However, we have seen a sharper increase in threat actor sophistication and exponential growth in the amount of data being compromised.”
Cabrera discussed a Trend Micro Report that found that over 76 percent of organizations polled said they experienced an increase in cyberattacks. “We have seen an increase in sophistication at all stages of an attack.”
1. Ashley Madison
Aside from being perhaps the most sensationalistic, the Ashley Madison leak opened new doors in the world of breaches, exposing the personal information of potential adulterers for the world to see. Individuals comprising the possibly 40 million users reported that hackers attempted to extort them, while the group of hackers – a group calling itself ‘The Inside Team’ – was said to have accessed information on users that included financial information, email addresses and correspondence conducted through the site. Recently, users began receiving blackmail letters via snail mail. The hackers demanded that Ashley Madison and a partner site called Established Men take down their sites, claiming that otherwise they’d release the info on all of the site’s users. Over the summer, police in Toronto reported two unconfirmed reports of suicide related to the case.
Hackers claimed that the website’s security was weak, and the company’s CEO even speculated that the job might have been conducted from the inside.
2. Premera Blue Cross Blue Shield
One of the earliest breaches of this year, the Premera Blue Cross Blue Shield breach was the largest breach ever involving patient medical information, affecting over 11 million subscribers as well as those engaging in business with the company.
Attesting to the latency often experienced by companies affected by data breaches, Blue Cross told the press that hackers might have gained access to this data, as well as bank account numbers and social security numbers, in as early as May 2014.
“Sadly, it still takes seconds or minutes for cyber attackers to compromise victim networks and takes months and maybe years before they are detected,” Cabrera said. “Data breaches are the new norm and cyber resilience is critical. Business executives and their strategy for handling cybersecurity issues must evolve. They must develop cyber resilience programs that encompass the ideas of defense and prevention, but go beyond to emphasize response and recovery in moments of crisis.”
3. Kaspersky Lab
While spies, thieves and nation-states make a great mix for movies, these actors provide a potent impact when it comes to breaches. In June, Russian-headquartered software security group Kaspersky Lab told the world that it had found infiltrations among its internal systems. The attack was undertaken via a malware platform called Duqu 2.0, which Kaspersky told the press was “one of the most sophisticated campaigns ever seen.”
Kaspersky believes that the attackers behind Duqu 2.0 are a group linked to previous attacks against Sudan, Hungary and Iran, giving the impression that they may be sponsored by a nation-state. Furthermore, the attack was implemented in effort to collect intelligence regarding nation-state attacks that Kaspersky was investigating.
With previous information leaks under its belt (remember Paris Hilton’s sidekick?), T-Mobile is no stranger to controversy. While overcoming any threats to its reputation to become a leading mobile provider in the U.S., the company again fell victim to data theft, this time at the hands of its partner, the credit agency Experian, compromising information on at least 15 million T-Mobile customers that underwent credit checks through Experian. The information leaked included passport numbers, Social Security Numbers, names and addresses.
5. FBI Portal Breach
Though it’s widely known that law enforcement tends to lag when it comes to most things technology, breaches through our nation’s highest enforcement bodies like the CIA tend to cause much alarm. In November, a hacker group called “Crackas With Attitude” successfully infiltrated the Law Enforcement Enterprise Portal, aka LEO.gov, posting personal information on law enforcement officials. Overseen by the FBI, the portal is used to share intelligence between law enforcement bodies. While the portal contains info on hundreds of thousands of authorized users – small in relation to other breaches this year – some believe it to be one of the biggest external breach to law enforcement this year.