{"id":5817,"date":"2016-07-28T13:34:00","date_gmt":"2016-07-28T13:34:00","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5817"},"modified":"2020-04-10T03:27:38","modified_gmt":"2020-04-10T07:27:38","slug":"2016-leaks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/2016-leaks\/5817\/","title":{"rendered":"2016: Top 5 data leaks so far"},"content":{"rendered":"<p>We\u2019re halfway through the year 2016. At first glance, this year may have seemed a bit unspectacular from a cybersecurity point of view: not too many highly publicized events or incidents so far, with the exceptions of DROWN and several new APTs.\u00a0However, a deeper dig yields a number of major (or, rather, really large) data leaks that took place in the first half of 2016. For this list, we decided to include only \u201creal\u201d leaks, leaving out such events as the <a href=\"https:\/\/threatpost.com\/millions-of-stolen-myspace-tumblr-credentials-being-sold-online\/118362\/?utm_medium=blg&amp;utm_source=kb_post_160728&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener nofollow\">bulk sale of social network credentials<\/a> (it\u2019s unclear when and how that data was stolen).<\/p>\n<p>In this roundup, we talk about five true leaks and some lessons to be learned from them.<\/p>\n<p><strong>#5: Time Warner Cable (320,000 users affected)<\/strong><\/p>\n<p>Early this year, Time Warner Cable <a href=\"https:\/\/threatpost.com\/time-warner-cable-urges-320000-customers-to-change-passwords\/115815\/?utm_medium=blg&amp;utm_source=kb_post_160728&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener
nofollow\">issued<\/a> a warning to its 320,000 customers urging them to change their e-mail passwords because hackers might have accessed the information.<\/p>\n<p>According to Time Warner, the data might have been accessed via \u201cmalware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.\u201d<\/p>\n<p>TWC later said there\u2019s no indication that the company\u2019s systems were breached.<\/p>\n<p>However, as was disclosed later, customers who have e-mail accounts through Roadrunner, TWC\u2019s webmail portal \u2014 so, addresses at rr.com \u2014 are believed to be implicated in the incident.<\/p>\n<p><strong>Lessons:<\/strong><\/p>\n<ul>\n<li>Your customers can be a weak link. So it is in your best interest to remind your clients about dangers such as phishing. Consider advising them to use security solutions that include anti-spam and anti-phishing features. For example, Kaspersky Lab offers strong and recognized <a href=\"http:\/\/media.kaspersky.com\/pdf\/Kaspersky_Lab_Whitepaper_Anti_phishing.pdf\" target=\"_blank\" rel=\"noopener nofollow\">Anti-Phishing Technology<\/a> in both consumer and business solutions.<\/li>\n<li>If you know of any companies (partners, suppliers, or subcontractors) that can store your customers\u2019 information, investigate how they store and process this information. 
Your partners need to be ready to implement serious protective measures if necessary; if they aren\u2019t, you may need new partners.<\/li>\n<\/ul>\n<p><strong>#4: Centene (950,000 people possibly affected)<\/strong><\/p>\n<p>Six hard drives containing the health data of approximately 950,000 individuals were reported missing early this year.<\/p>\n<p>The drives, property of Centene Corp., a health-care enterprise, contained data from individuals who received laboratory services from 2009 to 2015, including names, addresses, birth dates, Social Security numbers, member ID numbers, and health information. No financial or payment information was stored on the hard drives.<\/p>\n<p>According to Centene, there was no indication the data was used inappropriately, but the company still found the situation serious enough to notify the affected persons, as well as the media.<\/p>\n<p><strong>Lessons:<\/strong><\/p>\n<ul>\n<li>Along with cybersecurity, the need for physical security of data equipment is critical and constant. Allowing a handful of hard drives with sensitive information to go missing goes against the cybersafety culture as much as the password \u201c1234\u201d does.<\/li>\n<li>Forming a culture of cybersafety and security may be a process of trial and error (or, rather, errors and consequences), but Kaspersky Lab, for example, offers special training programs for enterprises. Our program is called \u201cKaspersky Security Awareness,\u201d and as the name implies, it\u2019s educational but also very practical in nature.
Learn more about these programs <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/intelligence-services?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/li>\n<\/ul>\n<p><strong>#3: Verizon (1.5 million enterprise customers affected)<\/strong><\/p>\n<p>A treasure trove of information on 1.5 million Verizon Enterprise customers reportedly <a href=\"https:\/\/threatpost.com\/data-on-1-5-million-verizon-enterprise-customers-up-for-sale\/117000\/?utm_medium=blg&amp;utm_source=kb_post_160728&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener nofollow\">made its way onto an underground cybercrime forum<\/a>. The seller requested quite a price: The entire database was offered for $100,000, but included in that price, the hacker(s) said, was information about security vulnerabilities in Verizon\u2019s site.<\/p>\n<p>Verizon, in turn, said that it had patched the vulnerability that led to the breach. Only basic contact information, such as names and e-mail addresses, had been exposed.<\/p>\n<p><strong>Lesson:<\/strong><\/p>\n<ul>\n<li>Even the largest entities occasionally miss some flaws in their front end or corporate networks, and those can become entry points for attackers. 
So it is wise to check the security of your own public websites, and perhaps even to perform penetration tests.<\/li>\n<\/ul>\n<p><strong>#2: 21st Century Oncology Holdings (2.2 million records stolen)<\/strong><\/p>\n<p>A Florida-based cancer clinic network <a href=\"https:\/\/threatpost.com\/cancer-clinic-warns-2-2-million-patients-of-records-breach\/116668\/?utm_medium=blg&amp;utm_source=kb_post_160728&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener nofollow\">warned 2.2 million of its patients<\/a> that at least some of their health data, as well as Social Security numbers, were stolen from its computer network.<\/p>\n<p>The actual breach took place in October 2015, and the company brought in the FBI and a digital forensics firm immediately. The FBI requested that the firm delay the public announcement.<\/p>\n<p>21st Century Oncology was heavily criticized later for not better safeguarding its patients\u2019 data. The attack details are scarce; the firm chose not to specify the nature of the attack. It said only that in addition to security measures \u201calready in place,\u201d it had taken \u201cadditional steps to enhance internal security protocols to help prevent a similar incident in the future.\u201d<\/p>\n<p><strong>Lesson:<\/strong><\/p>\n<ul>\n<li>Digital forensics will help you to understand details of the breach, but it would be wiser to have some experts look at your infrastructure before an intrusion.
<a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/cybersecurity-awareness?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Intelligence Services<\/a> provides, among other services, customer-specific Threat Intelligence Reporting, which serves to identify externally available critical components of your network.<\/li>\n<\/ul>\n<p><strong>And the award for the top site leak goes to\u2026<\/strong><\/p>\n<p><strong>#1: The US Department of Health and Human Services (5 million records)<\/strong><\/p>\n<p>The US Department of\u00a0Health and Human Services\u00a0(HHS) came under heavy criticism after it belatedly disclosed a major leak of medical data that affected as many as 5 million people.<\/p>\n<p>The circumstances of the breach are <a href=\"http:\/\/www.beckershospitalreview.com\/healthcare-information-technology\/hhs-under-fire-for-delayed-data-breach-report\" target=\"_blank\" rel=\"noopener nofollow\">outrageous<\/a>: It was not a cyberattack at all \u2014 it was common thievery.
Burglars reportedly broke into the Office of Child Support Enforcement in Olympia, Washington, and took a personal laptop that contained up to 5 million names and Social Security numbers.<\/p>\n<p>The incident took place in February, but HHS reported it publicly in late March.<\/p>\n<p>Two people were eventually arrested in connection with the burglary, but whether the laptop was recovered \u2014 and where the stolen data ended up \u2014 is unclear.<\/p>\n<p><strong>Lesson:<\/strong><\/p>\n<ul>\n<li>Mobile devices (that includes laptops) are rather easy to carry away \u2014 hence the term <em>mobile<\/em> \u2014 and therefore, so is the data stored therein. The possibility of losing a laptop is always worrisome, but at least there is a way to decrease the worries about the safety of data: <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/endpoint\" target=\"_blank\" rel=\"noopener nofollow\">encryption<\/a>. Personally identifiable data can be sold for very serious money, often much more than the laptop itself is worth.
But if the data is stored encrypted, it\u2019s not going to leak into the wrong hands.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In this roundup, we talk about five true leaks and some lessons to be learned from them.<\/p>\n","protected":false},"author":209,"featured_media":15313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[961,97],"class_list":{"0":"post-5817","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-leaks","10":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/2016-leaks\/5817\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/2016-leaks\/15050\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/2016-leaks\/12165\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/2016-leaks\/5817\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/2016-leaks\/5817\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/leaks\/","name":"leaks"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5817"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5817\/revisions"}],"predecessor-version":[{"id":34772,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5817\/revisions\/34772"}],"wp:featuredmedia":[{"em
beddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15313"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}