Data Breach Roundup: Major Incidences in May, June, and July
From large to relatively smaller organizations, data breaches again proved that security architecture is lackluster. More than 100 million people were affected in these breaches and still, there was little media attention that would have made businesses at large think of their security. Indusface brings you a brief compilation report of high profile breaches that companies should know about.
May Data Breaches
Indian Music Streaming Service
Although the data breach was revealed late in the month of May, most had no clue about what it was and how it affected the users and the organization. This leading online music portal in India was hacked through SQL Injection by a foreign hacker exposing details of more than 10 million users at a time. The hacker claimed that his intentions were not to sell this information, which could have easily fetched him thousands of dollars in the underground market.
Take a look at the underground rates for similar pieces of information in our post: Hackers make $193 per Credential Globally through Database Breaches
And here’s how it could have been prevented: All You Need to Know About SQL Injection
World Trade Organization (WTO)
Records of more than 53, 000 WTO officials were leaked in this shocking breach. It was revealed that names, phone numbers, email addresses, titles, login credentials, and other sensitive details were compromised by hackers targeting organization officials in Brazil, China, France, India, Indonesia, Pakistan, Russia, Santo Domingo, Saudi Arabia, Sri Lanka, and the United States.
Indian Taxi Service Provider
One of the leading online taxi service providers, which caters to more than 1 million passengers monthly, was accused of exposing customer data and credit card information. An internet security expert warned that the website and mobile application lacked authentication and encryption. A large part of the problem was cited in development techniques, which failed to lock mobile and web applications.
Here’s how they could have secured applications: 3 Must-Have Web Application Testing Features
June Data Breaches
iiNET
Things got serious for this leading Australian internet service provider when account information for 30,000 customers was being sold anonymously on social networking websites. What’s worse than iiNet had no idea about the data breach. Later, the company’s Chief Information Officer (CIO) stated that 30,827 customers were individually contacted and instructed to change their passwords to minimize repercussions.
OPM.GOV
The United States Office of Personnel Management was much talked about the incidence. In June, OPM internet security experts realized that their system had been compromised that allegedly stored information of around 4 million Americans. However, later in July, the FBI and DHS also joined the ongoing investigation and revealed that more than 32 million individuals might have been affected through the breach.
Japan National Pension System
Wall Street Journal had reported that approximately 1 million people were affected when the Japanese government’s universal pension system. Investigation revealed that an email virus corrupted two computers that transmitted data to hackers for days. In fact, a total of 27 computers were found to be infected by this virus.
July Breaches
Ashleymadison.Com
This is possibly the most talked about the data breach in the list exposing personal information on 37 million users. Ashley Madison is an online dating service for married individuals, which promotes extramarital affairs. The hackers are said to infiltrate into the website’s database for moral reasons and wanted the owners to shut down their service and threatened to publish the personal records.
Medical Informatics Engineering (MIE)
This US-based healthcare technology company with more than 50 centers still has no ideas about the breach beyond a figure. They know that 1.5 million records were compromised earlier in May, an attempt that stretched until July. In fact, a similar attempt was also uncovered on the UCLA Health System, where the breach affected 4.5 million users.
Trump Hotel Collection
While most of the other hacking attempts where are stealing information, Trump Hotel incidence was right down to the money. Earlier in July, hotel authorities reported a series of fraudulent credit card and debit card transactions across multiple locations. Los Angeles, New York, Miami, Honolulu, Chicago, and Miami were the most affected locations. The hotel chain is yet to reveal any other substantial information on the severity and amount of money lost due to these transactions.
Make sure that your website or mobile application is free of vulnerabilities. Get a free Website Security Check.