Organizations carry a huge responsibility when we entrust them to keep our information safe. Unfortunately, they don’t always live up to our expectations. In the case of the Washington State Court, Evernote, and Yahoo Japan, millions of people became victims of security breaches. In this article, we’ll explore three different cases of data loss for 2013. Then we’ll go over what you can do to protect your information in the future.
Washington State Court Security Breach Affects Over 1 Million People
Sometime between September 2012 and February 2013, the Washington State Court’s systems became the target of hackers. At first, officials weren’t too concerned since they believed that public data was stored on the server. However, after a thorough investigation, it came to light that the server also stored driver’s license numbers and social security numbers.
Altogether, the hackers potentially accessed 160,000 social security numbers and one million driver’s license numbers during this attack. There were able to do so because of a detected vulnerability in the Adobe ColdFusion software. However, it’s unclear whether the state just didn’t have the most updated version of the software or whether the software had an error.
Who was actually affected by the breach? The server stored sensitive information on anyone who was booked into a city or county jail between September 2011 and December 2012, received a DUI between 1989 and 2011, was involved in a traffic case in 2011 or 2012, or was involved in a criminal case with the superior court in 2011 and 2012.
How many people were notified of this breach? Only 94. State officials apparently identified 94 people whose information was likely stolen. These people were notified by letter but they were not offered credit or fraud monitoring.
This case proves that states are far behind in protecting the identities of its residents. And while some may argue that it was easy to avoid becoming a victim by staying away from the court system, that doesn’t necessarily help anyone affected by the breach. Hopefully, all government systems (court and otherwise) will beef up security measures in the future to prevent similar attacks.
50 Million Evernote Users Forced to Reset Passwords
Online note-taking service Evernote became the victim of a security breach in March 2013. The company’s security team spotted suspicious activity on its network, which led the company to ask its 50 million users to reset their passwords.
According to Evernote, the hackers were able to gain access to Evernote user information including usernames, encrypted passwords, and email addresses. On the bright side, the payment information had not been accessed, and the content stored by users was safe as well.
As a result of this breach, Evernote hastened to let its customers know that it takes security seriously. Apparently, asking users to change their passwords is merely exerting an abundance of caution. And Evernote certainly has a point there. After all, changing a password is easy to do, and it’s always better to be safe than sorry.
22 Million Usernames Stolen from Yahoo Japan
In May 2013, Yahoo Japan announced that it had become the victim of hackers. The announcement came quickly after the breach. That in and of itself was good company strategy, especially after companies like Sony have received a lot of backlash for waiting to report data breaches.
In this particular case, hackers were able to cut Internet access to the servers of Yahoo Japan. As a result, there is a possibility that over 22 million usernames were stolen. The company doesn’t know for sure whether the file with the user names was stolen or not, but the possibility is certainly there.
And while the data loss potentially affects 22 million users, that’s only 10% of Yahoo Japan’s user base. Even though usernames are not enough to compromise an account, Yahoo Japan urges its users to reset their passwords just in case.
The 2-Sided Sword of Data Collection
On one hand, it’s necessary to collect and store a lot of information. The Washington State Court obviously needed to keep tabs on who was arrested and when. But when organizations keep sensitive information about anyone, they should be required to guard it from unauthorized access. The Washington State Court certainly failed in that instance. They also failed to notify the majority of the potential victims on top of that.
What Your Company Can Do to Keep Documents Safe
There are two things that your company must do to keep your information safe. First of all, you need to use a trusted document management system like eFileCabinet. Second, you need to limit the amount of information you collect and share.
eFileCabinet takes cyber-security seriously; we help you keep your documents secure with encryption. All of your information is encrypted, not just your passwords, which we do that for your peace of mind.
Limiting the amount of information you collect and share also makes sense. After all, the more information you collect, the more enticing your database becomes to potential hackers. The more information someone can steal from you, the more likely it is that they’re going to try. And even seemingly unimportant information can be used against you or your customers in the future if it gets into the wrong hands. When it comes to information storage, more may truly be less.