Information Technology Reference
In-Depth Information
A Growing Number of Victims
To show readers samples of how prominent cybercrime has become in the modern
era, readers are referred to an interesting article by Taylor Amerding published on
February 15, 2012, on the CSO Online website. The title is “The 15 Worst Data
Security Breaches of the 21st Century.” A few of his samples are discussed below,
together with other noteworthy attacks:
• In March 2008, about 134 million credit card numbers were stolen from
Heartland Payment Systems. The attack used a Software Query Language
(SQL) injection. A man named Albert Gonzalez was indicted along with
two unnamed Russians. He was convicted and sentenced to 20 years in
federal prison.
• In December 2006, hackers penetrated the network of TJX Companies
(which owns the chain of Marshall stores). Data on about 94 million credit
cards were stolen. At the time, the TJX internal network had no firewall.
It is possible that the theft occurred from in-store kiosks used to apply for
jobs.
• In March 2011, the email service company Epsilon was breached, and
millions of email addresses and customer addresses were apparently
stolen. Epsilon has more than 2,000 major companies as clients and
handles perhaps 40 billion emails per year. The stolen information could
be used for phishing attacks.
• In March 2011, a security company, RSA Security, was breached and had
perhaps 40 million records stolen. This might have been done by a foreign
government. When security companies like RSA are hacked, imagine how
easy it is to hack less sophisticated companies.
• In May 2006, the Department of Veterans Administration was hacked and
about 27 million records were stolen, including social security numbers,
names, addresses, dates of birth, and other personal data. The data were
not encrypted. This theft was triggered by the physical theft of an employ-
ee's notebook computer, which was stolen in a burglary. It is curious that
the employee reported the theft to the police at once on May 3, but the
Veterans Affairs Chief did not find out until May 16 and the FBI was not
brought in until May 22. Eventually, most of the data were returned, but
the hackers were not apprehended.
Search WWH ::
Custom Search