The tech industry isn’t exempt from data loss, either. In this article, we’ll explore big security breaches affecting Fidelity Investments, Ubuntu, and Adobe. Afterwards, we’ll discuss how information can be safeguarded going forward.
Fidelity Investments Responsible for Theft of HP Employee Data
In 2006, a stolen laptop led to the exposure of almost 200,000 employee records. Fidelity Investments is a company that provides services to other companies including Hewlett-Packard. One of the laptops used by several Fidelity Investment employees in offsite locations was stolen in March of 2006.
The laptop contained very sensitive information for 196,000 Hewlett-Packard employees. The lost data included names, addresses, birth dates, Social Security numbers, and other employment-related information. Supposedly, the information is not easily accessible on the laptop, but it’s certainly not encrypted, either.
Investigations haven’t found the missing laptop, but they also haven’t shown any fraud resulting from this security breach. Officials assume that the theft was not aimed at data but rather the laptop itself.
Hewlett-Packard and Fidelity notified affected employees of the breach, and Fidelity stepped up monitoring on HP accounts, as well as offered free credit monitoring for the victims of the breach.
Almost 2 Million Ubuntu Forum Users Exposed
In 2013, Ubuntu forums became the target of hackers. All in all, 1.82 million user accounts were exposed. The extracted data included email addresses, user names, and passwords.
The silver lining is that the passwords were encrypted, so the hackers might not be able to use them. However, Ubuntu’s forum administrator Canonical advises users to change their passwords as a precaution. And if forum users have that same password in use on other sites, they should change it elsewhere, as well.
Security experts commented that the MD5 hashing algorithm used to encrypt the passwords was an inadequate means of password protection. There are more robust storage schemes that involve the use of scrypt or other slow-hashing algorithms. With a more secure storage system, it would take hackers months, years, or even centuries to decipher hashes.
Canonical deserves credit for announcing and reporting the breach right away, and requiring users to change their passwords as a result.
Adobe Brach Impacted 38 Million Users
In October 2013, Adobe announced on its blog that encrypted consumer credit card records for nearly three million users was stolen. The breach also included login data for an unknown number of accounts. But it gets much worse.
By the end of the month, hackers posted a file containing more than 150 million records of usernames and hashed passwords on AnonNews.org. While the file is no longer online, Adobe contends that it looks to be the same file as the one stolen from its servers.
According to Adobe, all 38 million active users were notified of the breach and asked to change their passwords. Adobe was still working on contacting inactive users, as the hackers obtained a lot of inactive and test Adobe IDs along with the valid ones on the list.
The good news is that none of that information seems to have been used fraudulently. Surprisingly, however, the hackers also got a hold of some of the source code for Photoshop which was briefly displayed on a public website.
As a result of the security breach, Adobe has offered free credit monitoring for individuals that were affected through Experian.
The Irony of Security Breaches in the Tech Industry
When hackers are able to access secured data from organizations in the technology industry, it might seem ironic to affected customers. After all, we’d expect better protection from this tech-savvy industry than from any other.
On the bright side, it looks like even the big security breach impacting Adobe didn’t necessarily result in identity theft or credit card fraud. Part of the reason is that user passwords were properly encrypted making it difficult for hackers to use them.
The Importance of Strong Passwords
With the recent data losses it becomes clear that it’s important to set up strong, unique passwords for every service you sign up with. A security breach with one company can potentially set you up for unauthorized access with other accounts if your login credentials are the same. A strong password should contain a mix of characters, including letters, numbers, and symbols. The longer the password, the more secure it’s likely to be.
How eFileCabinet Protects Your Information
You may not be storing sensitive data like user names, passwords, or Social Security numbers with eFileCabinet, but you’ll still want to keep your documents safe. eFileCabinet takes cybersecurity seriously. We encrypt all of the information that’s stored in the Cloud, which means it would be no use to anyone who would access or intercept it. We also encourage you to set up role-based user access to limit access to your documents. Last but not least, we encourage you and your employees to set up strong user passwords to keep your information safe.