When you compare security breaches from prior years with 2009, it’s easy to see that the number and severity of security breaches have increased. There is obviously a need for companies to work together to protect themselves from hackers. However, some companies like RockYou just don’t take information security seriously.
Hackers Expose 100 Million Credit Cards in Heartland Security Breach
What’s the worst thing that could happen to a payment processing company? Having a hacker get into your database and steal payment information for all of your customers. That’s exactly what happened to Heartland, at the time the fifth largest payment processor in the United States.
The intrusions into the system reportedly started in May 2008. The sad part is that Heartland passed an audit in April 2009, almost a year later, when the hackers were already established in the system. According to company officials, their servers get pinged over 200,000 times a day in an attempt to steal information. By the time the investigations found the problem, 13 different pieces of malware had infiltrated their network systems.
The first inkling that something was wrong came from Visa. The company reported that some card issuers were reporting breaches. But it still took two third-party forensic teams almost three months to find the intrusion.
By 2010, Heartland had already recorded $12.6 million in expenses related to the intrusion, most of them litigation and fees from Visa and MasterCard against Heartland’s sponsor banks.
While millions of customers may have been affected, the blame can’t be solely laid at Heartland’s feet. The insecurity of credit cards is also a problem for Visa, MasterCard, and the banks, which is why the new chip technology is increasingly being used today.
32 Million User Accounts Exposed by RockYou
RockYou, a social application site for games, suffered a serious data breach at the end of 2009. Hackers were able to get hold of 32 million user account logins and passwords. It’s easy to see why hackers were able to get the information: the site was very vulnerable at the time of the incident.
The biggest problem is that RockYou was storing passwords without encrypting them. Anyone who can access the information can therefore use the passwords without any difficulty at all. Another problem was that the website didn’t allow users to store lengthy or complicated passwords. Under the limitations set by the site, passwords are only five characters long and cannot contain punctuation.
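The storage flaw described above, shown beside a hardened form, as an added example that is not RockYou's code: each password is kept as a per-user random salt plus an scrypt-derived key, and the policy accepts long passwords with punctuation. The account names, sample passwords, cost parameters and length bounds are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users deliberately share one password.
SAMPLE_ACCOUNTS = {"alice": "correct horse, battery staple!",
                   "bob": "correct horse, battery staple!"}
# scrypt cost parameters and policy bounds are assumed values for this example.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MIN_LENGTH, MAX_LENGTH = 12, 128

def check_policy(password: str) -> bool:
    """Accept long passwords and any character class, punctuation included."""
    return MIN_LENGTH <= len(password) <= MAX_LENGTH

def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard derivation so stolen records are costly to guess against."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def hash_password(password: str) -> dict:
    """Record to store: a fresh random salt and the derived key, never the password."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "key": derive_key(password, salt).hex()}

def verify_password(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    key = derive_key(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(key, bytes.fromhex(record["key"]))

def plaintext_table(accounts: dict) -> dict:
    """Weak form: the table holds each password exactly as the user typed it."""
    return dict(accounts)

def hashed_table(accounts: dict) -> dict:
    """Hardened form: the table holds only salt and derived key per user."""
    return {user: hash_password(pw) for user, pw in accounts.items()}

def readable_passwords(table: dict, accounts: dict) -> int:
    """Count accounts whose password appears verbatim in the stored record."""
    return sum(1 for user, pw in accounts.items() if pw in str(table[user]))

if __name__ == "__main__":
    print("plaintext:", readable_passwords(plaintext_table(SAMPLE_ACCOUNTS), SAMPLE_ACCOUNTS))
    print("hashed:   ", readable_passwords(hashed_table(SAMPLE_ACCOUNTS), SAMPLE_ACCOUNTS))
```

Because every record gets its own salt, the two accounts that share a password still end up with different stored values.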
Last but not least, RockYou failed to notify its customers of the breach. Instead, they tried to cover it up. They didn’t make an official statement regarding the attacks until the hacker taunted them. Even so, RockYou users still won’t know about this breach unless they happen to read the news about it online.
Affinity Health Settles Security Breach for $1.2 Million
Before the Department of Health and Human Services (HHS) made it public that Affinity Health had left patient-identifiable health information on one of its copying machines, Affinity had not acknowledged a security breach. It’s quite possible that company officials weren’t even aware of what was happening.
The lesson that can be learned from the Affinity Health data loss is that companies must be very careful when selling, destroying, or giving away electronic equipment of any kind. In Affinity’s case, a photocopier was the culprit. The copier (along with probably six others) had been resold without wiping its hard drive.
CBS reported finding about 300 pages of personally identifiable information on the copier’s hard drive. That included prescription drug information, blood tests, a cancer diagnosis, as well as the names of sex-crime victims and drug-raid targets.
According to the breach summary report, about 344,579 patient records have been compromised by Affinity Health. That’s why the company ended up settling the case for $1.2 million and the promise to procure and wipe the affected hard drives if at all possible.
Security Breach Reporting
While companies may have violated patient confidentiality in the past, they weren’t always required to report security breaches. In fact, breach reporting to the Office for Civil Rights only became mandatory in September 2009. Four years later, the website had already disclosed 646 major breaches, each affecting more than 500 individuals. The amount of data that has potentially been breached is simply staggering.
How to Keep Your Information Safe
It’s important to take cybersecurity seriously to prevent data loss. Whether your company is storing sensitive health records or trade secrets, you want to make sure that this information never gets into the wrong hands. When you use eFileCabinet to manage your documents, you can rest assured that all of your files are encrypted. Additionally, we make it easy for you to give limited access to employees or clients to help you share the files they need to see without exposing the rest of your documents to unauthorized individuals.