Data loss should be a real concern for any company that stores information about its customers. Unfortunately, many organizations lag behind the newest security updates. Both poor security and the large amount of data they collect can make government agencies and large web-based organizations the perfect target for hackers. In this article, we’ll explore how the Massachusetts government, Mozilla, and the IRS were hacked due to poor security. Then we’ll talk about what your organization can do to prevent a similar breach.
Security Breach Affects 210,000 Massachusetts Residents
In April of 2008, the Massachusetts Executive Office of Labor and Workforce Development became the victim of a security breach. According to officials, the personal financial information of about 210,000 unemployed Massachusetts residents may have been stolen.
How is this possible? It turns out that about 1,500 computers were infected with a computer virus called Qakbot. Qakbot is a virus that is introduced through an external device, a network share, or from the Internet. When computers are connected by a network, one infected can spread the virus to every computer in the system. This particular virus is designed to collect large amounts of data and then transfer that data to an external device or via the Internet.
A virus of this sort is a major threat to the data security of government agencies. The spokesperson said that the affected data in this case included names, addresses, and Social Security numbers of the potential victims. It also included information on 1,200 employers that use the state system to enter information.
Unfortunately, nobody knows if any of the data really got into the wrong hands. If so, the repercussions could last for many years. After all, Social Security numbers never expire, so identity thieves could open up lines of credit 10 years down the road or later.
As a result of this security breach, Massachusetts passed stricter cyber security laws. These laws don’t just apply to government agencies but to every business in the state.
Mozilla Leaks 76,000 Developer Email Addresses
Mozilla, which is the company behind the web browser Firefox, admitted in 2014 that 76,000 email addresses were leaked. Ironically, the leak was the result of a data sanitization process. Along with the email addresses, the company also dumped 4,000 encrypted passwords on a publicly accessible server.
Mozilla removed the file as soon as they learned of the leak. They also prevented the program from dumping additional data. However, nobody knows whether this information was accessed and used by anyone.
The people who are affected by this security breach are working on open-sourced projects through the Mozilla Developer Network, or MDN. MDN users are advised to reset their passwords just in case. Users should also reset the passwords on other sites if they use the same password elsewhere.
IRS Data Breach Affects 334,000 People
In the past, the IRS offered taxpayers the convenient option of getting a transcript of previous years’ tax returns via their website. Unfortunately, criminals used this service to obtain information for about 334,000 taxpayers. The scary part is that the thieves already knew the victims’ names, birth dates, and Social Security numbers.
As a result of the ability to download tax returns directly from the website, these crooks now had a lot more information to work with. Having previous years’ tax returns available allows them to file fraudulent tax returns and claim refunds, which they already tried successfully to the tune of nearly $50 million.
As a result of this serious security breach, the IRS no longer offers its online transcript service. Taxpayers now have to wait to get the tax return copies in the mail. Consumers who are applying for a mortgage will need to think about these longer wait times.
How to Keep Information Secure
There are lots of things companies can do to keep information secure. Here are a few ideas you should consider to keep your data safe:
- Limit the amount of personal information you store about employees and customers
- Limit your employees’ access to sensitive information
- Limit administrative rights for users
- Educate your system users about the importance of cyber security
- Update anti-virus software
- Monitor your networks by installing a monitoring device
The biggest challenge with keeping your information secure is taking the initiative to evaluate your current system and update it as necessary. Of course, if you hire another company to keep your documents secure for you, then you have to make sure that they follow the same steps above.
How eFileCabinet Protects Your Information
eFileCabinet takes cyber security seriously. We encrypt every file, because if it’s important enough for you to store, then it’s important enough to be encrypted. We also help protect you from data loss by offering you the ability to set role-based user access. Additionally, we provide your administrators with an unalterable audit trail to help you ensure and verify the authenticity of your documents.