Top 8 Most Disturbing Data Breaches In 2018

Uploaded on 2018-12-14 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The CEO of one of the largest US banks once admitted that the only things that could destroy his bank overnight are data breaches, meteors, and nuclear weapons. In this day and age, there is no shortage of stories capturing media headlines by exposing companies impacted by data breaches. A Google search will yield thousands of hits, the list of data breaches in the news goes on and on, and it’s difficult to ignore that this issue is on everyone’s mind. 

While companies focus most of their resources to deal with external threats, insider risks are likely to pose an even greater threat. Traditional approaches to reducing insider threat risks include awareness training and access governance. While these are important, they’re not enough to mitigate employee risk. 

Organizations throughout the world share the risk posed by insiders which continues to grow each year costing significant money and resources. As the threats continue to be difficult to detect and mitigate, dealing with breach consequences is extremely detrimental and getting worse across the board.

The cases presented here demonstrate that ignoring the growing threat posed by insiders can be costly and the consequences of an insider-related incident are significant. Even the larger organizations, that have the right controls and processes in place for mitigating negligent or malicious threats, see the average cost of an insider incidents nearing $9 million. 

To deal with a continuously growing insider threat  and proactively minimize the expenses associated with it, the companies need to invest in identity access management and insider threat detection tools that can reduce the number and consequences of these vulnerabilities.

Looking back at 2018, here are some of the major data breaches that occurred this year so far.

1. SunTrust

SunTrust is a large bank where a former worker stole details on 1.5 Million customers. The bank reported this breach in April and believes that stolen private data included names, contact information, and account balances. An insider is responsible for the data theft with an intent of sharing them with a criminal third party. The bank first became aware of the possibility of “inappropriate access” of records in February when the culprit attempted to print the records.

2. Punjab National Bank

Another insider incident at India's second largest state-run bank resulted in $1.8 billion damages. In April the bank filed police complaint against jewelers that colluded with two of its staff to defraud the bank. The fraudulent money transfers started when jewelry firms owned by indian billionaire Modi opened letters of credit to import precious stones. It’s a standard practice for the bank pay the suppliers on behalf of Modi’s companies and recover the funds from him later. It’s a not uncommon to extend the letter of credit if the client is unable to repay in full at the end of the term. 

Bank workers issued fake documents used to obtain loans and move money to certain overseas businesses. Based on unauthorized documents, the PNB insider misused the SWIFT network to move the funds, while the transactions were never recorded in the main system leaving the management unaware.

An insider, a bank manager, confessed to misusing a high-level SWIFT password, which is supposed to be accessible only to upper management.

3. Tesla

Among the recent data breaches in 2018 is a theft that was perpetrated by Tesla employee who admitted to misappropriating highly sensitive information and sharing it with unnamed outsiders. Tesla CEO, Elon Musk, described the hack as an employee “making changes to the Tesla Manufacturing Operating System using false credentials and exporting proprietary data to unknown third parties.” 

The Tesla employee considered himself a whistle-blower and supposedly did this because he felt that the company was acting inappropriately. He wrote the software to periodically export gigabytes of proprietary data and funnel it outside of the organization.

A number of confidential photographs, a video of manufacturing systems and processes, as well as the financials were among the stolen data.

4. Pennsylvania Department of Education

A breach of a Pennsylvania Department of Education database, which occurred between 12 noon and 12:30 p.m. on February 22nd, was caused by an employee error, exposing data belonging to other system users, including teachers, school districts and state Department of Education staff. The database contained records from teachers applying and holding certifications in Pennsylvania and is used by officials and educators to review applications and to verify certifications.

During the incident, individuals logging into the Teacher Information Management System could have accessed personal information of other current and former teachers, including their Social Security numbers. The breach lasted for 30 minutes on a February afternoon potentially compromising personal information of teachers, administrators and other professional school staff throughout the state.

As a precaution, the state is offering to anyone who might have been impacted an opportunity to enroll in one year of free credit monitoring services retroactive up to one year from February 22nd, the day the breach occurred.

Approximately 360,000 individuals have been affected by this breach.

5. Florida Virtual School

On February 11, Florida Virtual School became aware and reported major data breach that left the personal data of more than 368,000 students unsecured online, exposing them to potential identity theft. Also, Social Security numbers, addresses, and phone numbers of more than 1,800 teachers were jeopardized. The compromised information was stored on a single server that was accidentally left open, without appropriate password protection, affecting students who have taken courses at the Florida Virtual School (FLVS). 

The largest state-run virtual school in the country, FLVS is a public school district serving approximately 6,000 full-time students. Thousands of other students in public and private schools take FLVS's online courses part-time. 

FLVS is now offering a year of identity-protection and fraud-monitoring services to individuals who may have been impacted by the breach.  

6. BJC Healthcare

In January an internal scan by BJC Healthcare, one of the largest healthcare systems in the United States, found one of its servers had been misconfigured allowing patients’ personal information to be accessed without authentication. The scanned documents stored on the server contained Social Security and driver’s license numbers along with patients’ names, addresses, contact telephone numbers, and dates of birth. The protected health information of more than 30,000 patients of BJC Healthcare has been accessible on the Internet without any need for authentication. 

Officials said the server was immediately reconfigured to prevent further data access and that internal investigation revealed an error had been made misconfiguring the server leaving sensitive information accessible.

7. Kent and Medway NHS Trust

In March, the Kent and Medway NHS and Social Care Partnership Trust, one of the largest mental health trusts in the UK announced that sensitive medical records stored in its database were inappropriately accessed by an employee who had no valid legal reason. 

An organization that serves 1.7 million people became aware of the breach and the moment concern was raised, a junior member of staff who accessed patient records was dismissed and the Trust reported the incident to the Information Commissioner's Office, leading to a police probe.

A former NHS employee, who snooped on the records, was one of the staff employed on a temporary basis and no previous concerns had been raised about her work prior to this incident. She pleaded guilty to violating the Data Protection Act and was fined.

8. Coca-Cola

Last year the Coca-Cola Company had its data misappropriated by insider. We mention it here, despite the fact that it is from 2017, because it is exactly the textbook case for which the insider threat detection tools were built for.

The company suffered a data theft at a hand of a former worker who stole an external drive with classified information about some of its employees. The incident impacted 8,000 people whose personal data was taken without permission by a former Coca-Cola employee when he left the job. The kind of information that was stolen varied from person to person.

Although, this is not the biggest US data breach, it is a breach at one of the biggest US companies.

Conclusion

Today, security incidents are seen by many companies as an inevitable event and just “a cost of doing business.” Organizations are beginning to realize that data breaches cannot be prevented from happening; however, identifying early indicators allows limiting their associated impact or stopping the attack in real time. Continuous user activity monitoring and privileged access management are some of the most effective practices to reduce insider-related security risks.

Marcell Gogan is a Security Expert at Ekran System

You Might Also Read:

Cybersecurity 2019: Predictions You Can’t Ignore:

 

 

« British Telecom Is Stripping Huawei Out Of Its Network
Supply Chain Attacks Are On The Rise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Bradley-Morris

Bradley-Morris

Bradley-Morris is a leading recruiting firm specializing in transitioning military and veteran talent into civilian careers including Cybersecurity.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

SolCyber

SolCyber

SolCyber, a Forgepoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are accessible and affordable for any organization.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.