5 Newsworthy Cybersecurity Breaches of 2017

Reflecting on cybersecurity breaches

With 2018 upon us, let’s reflect on the past year in cybersecurity, and how we can use corporate innovation to avoid making the same mistakes.

The 2016 State of SMB Cybersecurity Report revealed that more than 55% of Small and Medium Businesses (SMBs) experienced a cyberattack in 2016, and 50% experienced a data breach.

These cyber crimes have cost SMBs an average of $879,582 because of the theft, and an additional $955,429 because of disruption to normal operations.

It is imperative to invest time, energy and resources in cybersecurity to thwart cyber crimes. When you leave your company unprotected, you risk being part of our yearly list of security breaches!

Here are our top five newsworthy cybersecurity breaches of 2017, what makes them stand out and how corporate innovation could have prevented them.

Uber

This past November, ride-sharing app Uber disclosed that they were victims of a large data breach in 2016.

Now you may be thinking, “this didn’t take place in 2017.” But that is exactly what makes it newsworthy. Uber did not report the breach and reportedly paid the hackers $100,000 to keep the breach out of the media, so word only got out in 2017.

As a result, Uber is currently being targeted by Washington State Attorney General Bob Ferguson on behalf of the 10,888 Uber drivers in Washington alone, with many suits expected to follow alongside increased scrutiny from government and law enforcement agencies.

During the data breach, private information including names, driver’s license numbers, email addresses and phone numbers of over 7 million drivers and 50 million riders worldwide was compromised.

While being victims of such a large breach is problematic, what is more detrimental to the company is the lengths they went to in order to hide this information from the public.

It will be interesting to see how companies will deal with breaches once the GDPR goes into effect in May 2018. The GDPR explicitly states that compromised companies must report breaches within 72 hours. Companies that fail to comply can suffer increased fines and penalties as a result.

Verizon Wireless

As many as 14 million Verizon mobile customers had their information compromised this July when the telecommunications company’s information was left on an unsecured server.

What makes this breach newsworthy is that it was not discovered by Verizon. It was instead discovered by Chris Vickery, the Director of Cyber Risk Research at UpGuard, bringing to light Verizon’s lack of preparation and vigilance before the breach.

Compromised information included customer cell phone numbers and account PINs, which could give hackers the ability to bypass the two-factor authentication that many websites use for additional security.

Virgin America

Airline giant Virgin America revealed that on March 13, 2017, they identified an unauthorized entry to their computer system and subsequently discovered they were victims of a security breach.

During the breach, login information of more than three thousand Virgin America employees was compromised, and 110 employees had their personal information — including social security numbers and IDs — exposed. Virgin America, setting an example for many companies, immediately reported the breach to law enforcement agencies in California.

As a result of the breach, Virgin America required employees to change their passwords, and has implemented a series of additional measures to improve cybersecurity and incident response in the future.

Dun & Bradstreet

Dun & Bradstreet, an international commercial data company, left 33.7 million people exposed this past March when their database was compromised and subsequently leaked.

The data breach included more than 100,000 U.S. military personnel, 70,000 financial institution employees, 35,000 healthcare professionals and one President of the United States, Donald Trump. The information released was meticulously organized and included full names, job titles, job functions, contact information and more.

Equifax

We saved the breach that made the most noise in the news for last. This past July, Equifax fell victim to one of the largest security breaches in history, affecting more than 143 million consumers in the U.S. alone.

The company tracks and rates financial information about consumers, meaning that they possess a wealth of individual consumer data.

The Equifax breach compromised the names, social security numbers, birth dates and addresses of almost half of the U.S. population, as well as the credit card information for 209,000 customers.

Much of the criticism surrounding the breach revolves around the fact that it could have been avoided with ease. Equifax confirmed that the breach occurred in May because of a vulnerability for which a patch was available in March, proving negligence on their part in protecting their data and their customers’ data.

An automation solution could therefore have prevented the breach by alerting the cyber departments to the availability of the patch. If a lack of resources or tools was an issue, they could have run a PoC, as many financial service institutions have done, to find the best solution for their needs.

Dealing with the New Reality of Cyber Crimes

When considering the possibility of being targeted by hackers, the question companies need to ask themselves is not will it happen, but rather when will it happen, and how prepared will they be when it does.

To ensure companies are prepared, they need to actively engage in innovation designed to improve their protection capabilities.
