Blog

January 09, 2019

Cybersecurity Failures Part II - Data Breaches from 2018

Data breaches are not a new phenomenon, and everyone who lives in the digital world is aware of the vulnerabilities that we face as individuals, or as businesses. Short of having no digital presence and staying completely offline, there is no way to achieve 100 percent foolproof protection for your private and confidential data. In Part I of our blog post, we looked at 2018’s most talked-about breach (Facebook), as well as the largest hack in terms of number of records (Marriott Hotels). In this continuing piece, we will look at a few more incidents that hit a whole new level of intrusion. As CIOs or IT security specialists, you may want to study the gaps or negligence in cybersecurity measures that led to these events and take the necessary steps to strengthen your enterprise security.

Cyber Attacks in 2018 that Resulted in Huge Data Breaches

  1. Exactis - Over 340 million records breached: In June 2018, Exactis, a relatively unknown Florida-based company, reported the breach of over 340 million records (still a rough estimate), including 230 million US consumers and 110 million businesses. This company is in the business of compiling and aggregating data that they collect from anyone who browses websites that use cookies. That includes practically every US citizen who accesses the internet. The leaked records contain information of individual names, addresses, contact details, as well as information on number and gender of children, personal interests, religion, pet ownership and more. Subsequent investigations revealed that this incident occurred due to gross negligence. The company did not have basic cybersecurity measures in place, and is now facing a class action suit. Although financial information was not part of this breach, other highly sensitive and confidential data was hacked, making this one of the most disturbing breaches of 2018.
  1. Cathay Pacific – 9.4 million records compromised: In October 2018, Hong Kong-based Cathay Pacific Airways Ltd. announced that unauthorized access had exposed the passport details, Hong Kong identity card numbers and credit card details of hundreds of thousands of customers. This revelation came on the back of the British Airways announcement about credit card details of 380,000 customers stolen from their website. Although they took serious hits in their share prices, both companies acted quickly to resolve the breach and notify their customers. They advised impacted parties to change their passwords, monitor their bank accounts and be wary of any scam emails.
  1. Amazon – Number of Records Impacted – Not Disclosed: In November 2018, just days before Black Friday, Amazon was the victim of a data breach that inadvertently exposed its customer names and email addresses. Although financial details were not part of this incident, the company is yet to disclose the exact number of records that were affected. When an enormous organization such as Amazon faces such technical glitches, it is not hard to imagine the magnitude of the potential data loss, in the event of a more severe attack.

Cyber Security - An Ever-changing Landscape

While we have listed only a few instances that took place in 2018, more will follow, and no person or business will ever be completely safe in the online world. As individuals, here are some precautions that will limit the damage, in case any of your personal information is stolen:

  • Use unique passwords for every website you visit or app you download to your phone and other mobile devices.
  • Modify the app permissions and limit access to only the necessary information required to operate the program.
  • Be cautious about what information you post on social media. Be wary of fake surveys, scam emails and phishing links on websites you visit.
  • Monitor your credit reports and bank accounts regularly for any suspicious debits or withdrawals.
  • Practice safe browsing techniques, such as:
    • Use the private or incognito mode
    • Kill or block all cookies
    • Turn off the location setting in your browser
    • Use private search engines in place of Google
    • Opt out of any website trackers
    • Disable Java and unused plug-ins

As IT security specialists, you can never be too careful about your customer information. Make your staff and employees cyber-aware, and ensure that they follow the same precautions listed above. Additionally, invest in comprehensive cybersecurity measures that are sophisticated, interactive and preemptive.

Whether you need to protect your business data on the cloud, on-prem, or through a hybrid solution, you can rely on GlassHouse Systems to serve your cybersecurity needs. As a cross-industry IT security expert, we have been serving clients across North America for over 25 years. Our elaborate Cyber Security Insight report will help you map your existing security landscape and identify the vulnerabilities. Furthermore, our experienced technicians will help you choose the solutions that address the weaker areas and strengthen your enterprise security. From SIEM and Endpoint Protection, to Application Security, Access and Identity Management, our innovative solutions will help secure your systems and mitigate the risks of cyber-attacks.

Contact us to learn more about our IT security assessments and security managed services.

For Canada and worldwide, contact our main Canadian offices:

  • +1 (416) 229-2950
  • +1 (416) 229-9096

By email: canada@ghsystems.com

For all US-based enquiries, please contact our main US offices at:

  • +1 (630) 724-8500
  • +1 (630) 724-8509

By email: us@ghsystems.com

TAGS: cyber security, Security