As far as data security goes, 2017 was an interesting year. There were a number of high-profile incidents that made headlines around the world, and at times, it seemed as if a major data breach was taking place every other week.
Here, we’ll examine five of the most significant 2017 data breaches — from major hackings to misplaced gadgets. We’ll look at how, when, and why they happened, and what the negative impacts were for the unlucky companies involved.
Deep Root Analytics
In June 2017, Gizmodo revealed that the details of over half of American voters were stored on a publicly accessible Amazon server that was used by the company Deep Root Analytics.
This data went beyond just contact information. It included reports on voting habits, political activity, and outlook. And all of this was available for anyone to access — no password required.
Deep Root Analytics was extremely lucky on a number of counts. The unsecured database was discovered by a journalist — who alerted authorities before writing about it. As a result, the damage done was mostly to the firm’s reputation. But if a cybercriminal had stumbled across the data instead, it would have been a very different (and much more expensive) story.
In March 2017, the global consultancy firm Deloitte was attacked via a poorly secured administrator account — all the hackers had to do was defeat a single password, and they were granted almost unlimited access to client information. Although the hack was discovered in March 2017, it’s entirely possible that the attackers enjoyed free access to Deloitte’s data for over a year.
The breach affected a relatively small number of Deloitte’s high-profile clients, but it was still a source of some embarrassment — particularly as part of the company’s business involves advising their clients on the risks associated with cyber attacks …
However, Deloitte did respond well to the attack — undertaking a comprehensive review of all security measures and bringing in outside experts to uncover further vulnerabilities. Although they took a reputational hit, they’re now on the road to recovery.
Deloitte’s response to a catastrophic data breach is as good as it gets. However, one company that wasn’t quite so savvy was Uber. They were targeted by a hacker in May 2017, and the attacker stole the details of almost 60 million users (which the attacker used to hold the company ransom).
Uber, desperate to cover up the incident, paid off the hacker through a bug bounty program, making it appear as if they had been working together from the outset. Of course, this deception resulted in a huge amount of negative press when it came to light.
Not only that, but Uber failed to disclose news of the breach — something they were obligated to do by law. Eventually, this issue led to a settlement with the Federal Trade Commission. As part of the settlement, Uber will now face independent security audits for the next 20 years.
The Heathrow Files
One of the most alarming data breaches in 2017 was also one of the most mysterious. In October 2017, a member of the public found a USB drive lying in the gutter on a street in London. On it were thousands of files containing confidential information about the security arrangements at Heathrow International Airport — including a package of documents that detailed security for the royal family and the Queen.
The worst thing about this breach wasn’t the sensitive nature of the data involved — it was that nobody knew how it ended up where it was. How the files were extracted and how they were lost remain unanswered questions to this day.
Nonetheless, Heathrow remained calm in the face of adversity, launched a huge (and costly) internal investigation, and reviewed procedures across the entire airport.
If you’ve heard of the credit reporting agency Equifax, then you’re probably more than familiar with this particular data breach. Unfortunately for this company, their name is now inextricably linked with this incident — an incident that involved a data breach of the details of 145 million Americans (and counting).
To add insult to injury, there are reports that Equifax was warned that their public infrastructure wasn’t secure but took no action for six months. By the time they finally did get around to securing their data, it was — unsurprisingly, perhaps — far too late.
The consequences of the breach were devastating. The company lost contracts worth millions of dollars, the chief executive “retired early” over the incident, and the company faced a Senate Banking Committee hearing. The sheer magnitude of this breach means that it’s fairly unlikely Equifax will ever fully recover.
At the beginning of this article, we called the companies affected by these particular data breaches “unlucky.” And while this might be true, their vulnerability wasn’t exactly down to chance. Although you can never be 100 percent secure, a robust data security strategy could have made all the difference for the firms listed above.
Want to avoid joining these companies on a long list of data breaches? Get in touch with our team to discuss security solutions for your business.