In this article, we’ll explore three of the biggest security breaches of 2006. On the bright side, there weren’t as many large security breaches in 2006 as there were in later years. But as all of these cases show, security breaches are not always the result of hackers.
AOL Proudly Releases Private Data
It’s quite staggering how stupid a company can be. But in August of 2006, AOL released a 2-GB file with private data about its users to the public. And they were proud of it, too.
The data in question included 20 million web queries from 650,000 AOL users over the preceding three months. While the AOL usernames had been changed to a random ID number, a lot of sensitive information was included in the search data.
For one, people often search the Internet for their own name or the names of their friends and family members. By the same token, the searches also included addresses, social security numbers, and more personal information. For example, if a user looked at porn sites, data analysts would have that information about them. Of course, the search data could even be used to reveal criminal activity.
AOL has since taken down the site, but not until after the data had already been copied and downloaded over 800 times. Anyone who was using AOL during that time can be fairly certain that someone has information about them due to AOL’s blunder.
Stolen Laptop Costs the VA $20 Million in a Settlement
The case of the stolen laptop went viral in 2006. It wasn’t just any laptop; in May 2006, the computer was stolen from a VA employee’s home along with a hard drive. Together, they contained personal information on 26.5 million veterans.
The data included names, birth dates, and social security numbers of millions of current and former service members. The theft was the largest security breach of the year. It also stands out because of the type of information that was stolen.
Fortunately, the FBI was able to recover the laptop. It’s unclear whether any data had been misused, and it’s quite likely that the thief meant to steal the laptop for its intrinsic value but not necessarily for the data it contained.
In 2009, the Department of Veterans Affairs settled the lawsuit regarding this security breach to the tune of $20 million. The money comes from the taxpayers and will be used to compensate individuals who were affected by the breach. The VA had been accused of being lax about security in the past, but since then the department has become serious about protecting its data.
Countrywide Financial Corp. Settles Data Breach for $6.5 Million
Between 2006 and 2008, a former employee of Countrywide Financial Corporation sold customer information to other lenders. The senior analyst used his position to obtain information on as many as 2 million loan applicants.
He reportedly sold their names and social security numbers along with other information to other mortgage brokers. While it may be common for mortgage brokers to purchase leads, this instance was different. The customer information was private and confidential and was not given to Countrywide with permission to resell it.
As a result of this data breach, the company was stung by almost 40 different class action suits. The lawsuits claim that Countrywide deliberately failed to maintain reasonable procedures to protect customers’ records.
The individuals who were affected were all customers who obtained a mortgage from Countrywide prior to July 1, 2008. And while the company may end up paying closer to $20 million to settle these lawsuits, the affected customers won’t see much of it. The settlement only provides for reimbursement of actual expenses incurred by customers, such as getting a new driver’s license or paying for credit monitoring.
How to Safeguard your Information
After learning about security breaches from a previous decade, you may wonder how that relates to your company today. But there is a lesson to be learned from every one of these cases.
First, your company has to be very careful before releasing data of any sort to the public. The data you want to release may be information that can benefit the public, but it can also potentially harm a lot of people. In the case of AOL, the data loss could have easily been prevented since it was intentional.
Second, your company has to be protective of its physical assets as well as its data. Saving data on computers, laptops, or other electronic devices is certainly acceptable, but it has to be done in a secure manner. All data should be encrypted, but your company also needs to keep the computers safe from burglary.
Finally, some data breaches are a result of internal leaks. If your employees have the ability to access a large amount of data, then it’s important that they are trustworthy. Ideally, you should limit your employees’ access as much as possible. You should only give them access to the information they need to use to do their job.
How eFileCabinet Can Help
eFileCabinet takes cybersecurity seriously; we can help you protect your documents from data loss. When you use our document management system, you can rest assured that all of your files are encrypted. In order to reduce the likelihood of internal leaks, we encourage you to set up role-based user access to limit what your employees can see. Last but not least, you can use the audit trail to verify the authenticity of your documents at any time.