Data loss and cybersecurity are big topics today, but back in 2005 most companies didn’t even realize what they were up against. Nevertheless, there were already more than a handful of big data breaches to prove that criminals could exploit the Internet and do great damage. In this article, we’ll explore the biggest data breaches of 2005 and talk about how you can safeguard your information in the future.
AOL Employee Sells 92 Million User Names
Jason Smathers is a former AOL employee. In 2003, he used another employee’s login to steal a list of 92 million AOL email addresses belonging to about 30 million customers. Smathers admitted that he received $28,000 from Sean Dunaway who used the list to send gambling advertisements to AOL customers.
The breach is serious because of course the list has been passed around. In fact, the judge in this case stated that he had to close his own AOL account because he received too much spam. And he is probably not the only one to have done so in the wake of this security breach.
While Smathers was consequently fired from AOL, the news didn’t address how the company was going to safeguard from similar incidents in the future. Reportedly, AOL had been able to reduce spam emails for its customers since then, but the incident harmed AOL’s reputation.
In 2005, Smathers received a light sentence of 15 months and possibly a restitution fine of $84,000, because he cooperated fully with the government as the result of the plea bargain. The judge did not ban him from his profession, trusting that Smathers had learned his lesson.
40 Million Credit Cards Exposed
In June 2005, MasterCard International revealed a security breach with one of its payment processors. According to MasterCard officials, about 40 million credit cards may have been affected. The interesting part of the story is that MasterCard discovered a breach that originated with CardSystems Solution Inc.
CardSystems suffered a security breach on May 22nd. The company wouldn’t say how many cards were affected, but it seems clear that VISA, MasterCard, American Express, and Discover cards may have been affected. CardSystems fully cooperated with the FBI to investigate the incident.
According to MasterCard officials, an unauthorized entity put a specific code in CardSystems’ network. Also according to MasterCard, CardSystems did not have adequate protection at the time but the payment processor was being cooperative.
It’s lucky for credit card customers and CardSystems that MasterCard proactively monitors for fraud. MasterCard’s fraud-fighting tools detected the breach before it affected more customers. MasterCard also promptly notified affected banks and customers.
It’s still unclear what the actual damage was. Even though 40 million cards may have been exposed, they weren’t necessarily all stolen.
Personal Data for 3.9 Million Citigroup Customers Lost in Transit
In May 2005, Citigroup shipped a box of computer tapes containing information on 3.9 million customers to credit reporting agency Experian. The tapes were picked up by UPS and haven’t been seen since.
The information on the tapes included names, addresses, social security numbers, account numbers, payment histories, and other details on small personal loans. UPS couldn’t find a trace of the package after a nationwide search for it. Since the box was not scanned separately, the company wasn’t able to find the breakdown point.
According to company officials, the tapes were not encrypted. However, sophisticated cybercriminals certainly would know what to do with them if they ever got into the wrong hands.
Experian had long been urging companies to report data electronically to prevent this type of mishap. Citigroup was reportedly planning to do so in the future. In the meantime, Citigroup notified the affected 3.9 million customer through the mail and offered them 90-day free credit monitoring.
Is Data Loss on the Rise?
You may think that the loss of data has been on the rise within the last decades. However, the truth might look a little different. One reason the public learns about data leaks is the fact that many states now require companies to notify affected individuals. California was the first state to do this in 2003. This means that there may have been any number of security breaches that didn’t get reported to the public before that time.
Stealing personal data is actually more difficult now than it was before. Any regular thief can break into an office and steal files, but only sophisticated hackers can find unsecured data on the Internet. Unfortunately, a hacker can steal a lot of data in one swoop when they do find a loophole in the code.
eFileCabinet keeps your Information Safe
We take cybersecurity seriously at eFileCabinet. We encrypt all of your information and ensure that data gets stored securely. You can also take advantage of role-based user access to limit the information each of your employees has access to. Last but not least, we provide you with an unalterable audit trail so that you can verify the authenticity of your documents.