Thursday, 17 December 2015

Top security stories of 2015

Not a shocker to have data breaches lead the way as criminals get ever more devious.


More data breaches

Hacking Team, Comcast, Ashley Madison… the list goes on of companies who became just another notch in the belt of cybercriminals. Like in years past, data breaches were top of the list for our year in review story. Here are some stories that made headlines in 2015.

Dell puts privacy at risk with dangerous root certificate
Dell has come under fire for shipping PCs with a pre-installed trusted root certificate that can be used to compromise the security of encrypted HTTPS connections.

"Surely Dell had to have seen what kind of bad press Lenovo got when people discovered what Superfish was up to. Yet, they decided to do the same thing but worse. This isn't even a third-party application that placed it there; it's from Dell's very own bloatware," commented the Reddit poster under the name "rotorcowboy".

Comcast Xfinity Wi-Fi discloses customer names and addresses
The Xfinity Wi-Fi service from Comcast disclosed the full name and home address of residential customers, which is something the company says isn’t supposed to happen. The disclosure of such information increases an already exposed attack surface, by allowing anyone with malicious intent to selectively target their marks.

It has been just over two years since Comcast launched the Xfinity Wi-Fi service, which created a separate wireless network in homes and businesses for existing customers and the general public.

Police arrest 15-year-old in TalkTalk hack
UK telecom TalkTalk disclosed a possible breach, which could impact upwards of 4 million customers. Those responsible for the attack likely compromised names, addresses, birthdays, phone numbers, email addresses, TalkTalk account information, credit card data, and banking information. A 15-year-old boy was later arrested.

Soon after the disclosure, TalkTalk reported that someone claiming to be responsible for the attack demanded a ransom, but the company didn't go into detail on the demand itself.

4.6M customers impacted by Scottrade breach
Brokerage firm Scottrade alerted customers to a data breach, which affected 4.6 million people. Scottrade learned about the problem after being contacted by the FBI. According to the email sent to customers, and a public notice, the authorities learned that Scottrade was compromised while investigating other data-theft cases.

"If your information was contained in the affected database, you will receive a letter or email from Scottrade with additional information and resources. We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses," Scottrade told customers.

T-Mobile US says Experian breach exposed 15M customers
T-Mobile US CEO, John Legere, said that the names, addresses, Social Security numbers, birthdays, and ID information on more than 15 million customers had been compromised after a breach at Experian.

"The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015," a statement from T-Mobile's head executive added.

Ashley Madison hackers publish compromised records
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.

In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.

IRS: Breach larger than first reported, 220k additional taxpayers affected
The Internal Revenue Service (IRS) said that the data breach reported in May has now impacted a total to 330,000 taxpayers. In addition, the agency sent 170,000 taxpayers notifications that their personal information was potentially exposed during the incident.

The compromise occurred through the "Get Transcript" application used by the tax agency. Using previously acquired personal information (PII), criminals were able to access the "Get Transcript" application to obtain old tax returns.

OPM says second breach compromised 21 million records
The breach at the Office of Personnel Management impacted 21.5 million people.The incident exposed Social Security Numbers and biometric data for federal employees and in some cases their families. OPM became aware of the second breach while investigating the first one disclosed in June.

At the time, the OPM said that the breach impacted the personal information of 4.2 million current and former federal employees. This second incident began in May of 2014 and went undiscovered for a year, however the OPM has stated that patches applied to systems in January halted the extraction of data.

Hacking Team hacked, attackers claim 400GB in dumped data
Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

The attackers published a Torrent file with 400GB of internal documents, source code, and email communications to the public at large.

CareFirst data breach affects 1.1 million people
CareFirst BlueCross BlueShield (CareFirst) disclosed a data breach that impacts 1.1 million current and former members, who registered to use the insurer's websites or who did business with them online prior to June 20, 2014.

CareFirst stated that they detected the initial compromise and took action to contain the attack. The assumption made was that their actions helped avoid a crisis.

Anthem: 78.8 million affected, FBI close to naming suspect
Anthem, the nation's second largest health insurer, said that 8.8 to 18.8 million people who were not customers could be impacted by their recent data breach, which at last count is presumed to affect some 78.8 million people. This latest count now includes customers of independent Blue Cross Blue Shield (BCBS) plans in several states.

No comments:

Post a Comment