With the number of major data breaches that happened in 2014, it’s hard to deny that they've become a common occurrence in the security threat landscape. Major data breaches that hit large companies such as Target, Kmart, and Home Depot among others, have taught us that cybercriminals have gone from victimizing individuals to expanding their reach towards global-scale companies. Despite the many incidents and warnings that should have served as a reminder for many organizations and individuals, companies are still constantly hit by data breaches.
Though data breaches are seen as attacks that affect organizations, users must be aware that ultimately, cybercriminals are out to steal their data, especially data that contains private, personal, and financial information. To learn more, here’s a gist of notable data breaches, how they happened, and what we can learn from them:
The online auction house suffered a breach in May 2014 that compromised the account information of over 100 million customers. eBay notified users to change their passwords immediately and advised them to stay updated on the investigation.
What we learned: Though most users think that default security settings can help thwart the bad guys, it’s still always safer to go the extra mile and actively manage passwords. Simply put, using weak passwords make it easier for attackers to break into accounts. Using stronger, unique passwords across different accounts and changing them regularly can help protect your personal accounts, even if your details were leaked.
This investment banking institution shook headlines in October 2014 when it acknowledged that it had been breached. The breach reportedly affected over 76 million households and 7 million small businesses which resulted in the compromise of user contact details including names, addresses, phone numbers, email addresses, and others.
What we learned: The first security approach for users must be to update their software as well as their mobile apps. Users should also regularly check their banking statements, monitor transactions, and consider updating their passwords. It’s also wise to install security software to fight banking-related malware.
The Home Depot breach was carried out in September 2014, affecting users who shopped in their US and Canadian branches from April 2014 onwards. According to reports, about 7.2 million debit and credit cards were affected by the breach. Not long after the Home Depot attack, Kmart announced in October 2014 that its point-of-sale systems were compromised by malicious software that stole customer’s credit and debit card information.
What we learned: Affected and non-affected customers are encouraged to regularly monitor credit card reports and statements and inform their banks of any irregular transactions. Users can also ask their issuing banks for a replacement card if they feel that their accounts have been compromised.
Data breaches in the health care industry are hardly heard of. However, in August 2014, it was reported that Community Health Services Inc. was breached, compromising the information (Social Security numbers, names, addresses, birthdates, and telephone numbers) of patients who received services from doctors who were affiliated with the hospital group in the last five years. In response to the attack, Community Health removed the malicious software that enabled the attack and has taken appropriate security measures to prevent intrusions in the future.
What we learned: Health records that reside outside a patient’s database should be heavily secured by its provider. However, users must take the appropriate steps to secure their own data by employing proper identity theft protection. Like in most data breach cases, users are advised to always update their software and use strong passwords in multiple devices.
In August 2014, Sony has once again become a target of a distributed denial of service (DDoS) attack. The attack impacted online services—Sony’s PlayStation Network and Sony Entertainment Network. Though Sony representatives claimed that users’ personal information remain safe, the DDoS attack disrupted scheduled maintenance plans.
What we learned: DDoS attacks pose serious risks as attackers can gain control and access of a network and even a user’s system. As such, it’s important to use security software that can prevent likely attacks. In addition, avoid clicking on malicious URLs/links, spam emails, and suspicious posts in social media as attackers are keen on using such techniques to lure users into such social engineering traps which eventually lead to malware downloads.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.