The recent upswing in big data breaches has major corporations and businesses wondering if their networks and client data is truly secure, and these breaches can represent real dangers for both companies and clientele, resulting in irreparable trust issues affecting brands.
In an eye-opening study from KPMG, it was found that upwards of 30% of customers would stop shopping at a retailer for an extended period of time after learning of a customer information data breach, while 19% noted they’d abandon shopping with the company completely.
Some corporations may be stuck in a rut of passive solutions they think are covering all their security holes, but as 2018 comes to a close, we’ve been looking back on some of the most notable data breach cases in recent memory. Consider these massive breaches when deliberating how to better protect client data utilizing active cybersecurity solutions.
Facebook Data Breach
Undoubtedly the biggest cybersecurity story of the year was the hack of the global social media giant, Facebook.
In March, a political data firm called Cambridge Analytical reportedly managed to successfully collect the personal information of approximately 50 million Facebook users via an app that allowed the firm to scrape the details of users personalities, social networks, and engagement on the social media platform.
The firm reported gaining access to the info of only 30 million users, but after their own investigation, Facebook released a statement saying closer to 87 million members of its platform had their information stolen or were forcibly logged out of their accounts – most notably, Facebook CEO Mark Zuckerberg himself. Cambridge Analytica gained access to Facebook’s code via three vulnerabilities, but this publicized scandal wasn’t really a true data breach – rather, it was more of a manipulation and a potentially illegitimate use of their access to FB’s user data.
This is where things get interesting.
In a separate event related to the harvesting of these profiles and information, speculation from CNN noted info gained in the hack could be used to publish public/private user messages online for all to read, but the Guardian advises 50 million Facebook profiles were used to build a powerful software program that could be used to profile voters in order to predict and influence political choices at the ballot box.
The hackers were rumored/feared to be Russian Intelligence, gathering info from politicians accounts to use to influence votes during the American midterms or the 2020 election. At the time, however, the company was owned by hedge fund billionaire Robert Mercer and led by Donald Trump’s key adviser Steve Bannon. They used this information – taken without authorization – to profile individual US voters, targeting them with highly personalized political messages and advertisements.
Sony Data Breach
In November of 2014, Sony was the victim of a crippling cyber attack, thought to be the product of North Korean cyber attacks preceding the controversial release of Seth Rogen film, The Interview, which chronicled a humorous attempt at assassinating North Korean leader, Kim Jong-un.
The cyber attack targeted Sony Pictures, with employees logging into its network greeted by menacing imagery of fiery red skeletons, the sounds of gunshots, and scrolling textual threats perched atop the zombified heads of two Sony top-level executives. Hacker malware had managed to leap from machine to machine – spanning continents – wiping out half of Sony’s global network and erasing every trace of data stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. The malware took it one step further by encrypting special deletion code within the virus that rendered computers essentially brain-dead, making it nearly impossible to fix.
Second, and perhaps most damaging to Sony Pictures, the hackers dumped nine batches of confidential files onto public file-sharing websites including salary lists, over 47,000 social security numbers, and unfinished movie scripts. Ten, 5 films – four unreleased – were leaked to piracy websites for public viewing.
MyHeritage Data Breach
Affecting the personal data of a whopping 92 million customers, online genealogy site, MyHeritage, was the victim of a massive data breach on June 4th, 2018. The companies Chief Information Security Officer revealed the company had located a file entitled “myheritage” on a private server outside of the company.
Upon inspection, the company learned the file contained all the email addresses of users who had used the service prior to October 26th, 2017. The file also contained passwords, not thankfully no payment information.
The company stores DNA and family tree information that could be considered highly valuable to a number of industries, but the company released a statement saying since it stores that data on separate servers than email addresses, there was no reason to believe DNA-linked information had been compromised.
Exactis Data Breach
This one is very interesting. A marketing and data aggregation firm from Florida, Exactis, exposed a database of its clients’ personal details open on a public server in June of 2018. The database contained over two terabytes of information including the information of millions of Americans and businesses.
The data breach exposed email addresses, physical addresses, phone numbers, and even critically important and private information such as the names and genders of customer’s children. Wired reported the leak didn’t appear to contain credit card or social security info, but it did go into minute details regarding affected persons, including highly personalized characteristics for every one of the 340 million names.
To put that into perspective, that’s highly personalized information on nearly every last American citizen. Vinny Troia, founder of the NY-based security company, Night Lion Security, and the finder of the file – called the data breach “one of the most comprehensive collections I’ve ever seen.”
Marriot Hotels Data Breach
A whopping 500 million customers of the Marriot Hotel group, Marriot International, had their records compromised by an unauthorized data breach in November of 2018, by hackers who reportedly had been able to access the Starwood reservation network since 2014, a separate hotel chain purchased by Marriot in 2016.
Marriot was able to investigate after being alerted by an internal cybersecurity tool that somebody was actively trying to access the Starwood database.
The investigation discovered the culprits were able to successfully copy and encrypt information and records of up to 500 million customers, notably names, addresses, phone and email information – including much more serious data like passport numbers, credit account information, as well as arrival and departure information.
Active & Proactive Cyber Security Solutions
Proactive defense cybersecurity strategy helps drive the likelihood of success against the onslaught of cybercriminals. There are three ways to intercept and combat these cyber attacks to client data:
Traditionally passive & reactive security approaches are centralized around detection and reaction to threats that infiltrate a system. They act as a wall, seeking to stop attacks before they start – but their downfall is their sole ability to react after a breach has happened – meaning, it’s already too late.
Active cybersecurity solutions build upon those reactive measures with enhanced security monitoring in real-time. They manage vulnerability and use advanced measures like advanced firewalls and multi-factor authentication to prevent and deter hackers from gaining access, actively seeking ways to thwart evolving hacker malware from gaining access to valuable information.
Proactive measures are intelligence-led cybersecurity strategies and assessments that work in real-time to detect and monitor hacker behaviors by identifying potential weaknesses and gateways for cybercriminals to access.
By proactively working to eliminate gateways and reduce the chance there can be a breach in the first place, active and proactive cybersecurity measures and strategies are absolutely essential to preventing and eliminating the threat of client data breaches in the modern digital landscape.
In a modern digitized world that covers client and customer information, it’s never been more important to place an emphasis on protecting client data using active cybersecurity strategies and solutions.
Do you have an active cybersecurity solution in place for your client data? Contact Shield today to begin protecting the data your customers have trusted you with.