The Biggest Data Breaches of 2018Charlotte McLeary
No matter how technologically advanced and secured your company, there will still be instances of data breaches that can happen. Take for example one of the biggest US banks. Its Chief Executive Officer admitted that the only things that will destroy its bank are nuclear weapons, meteors, and guess what, data breaches.
Today no matter how advanced or big your company is, you will still be vulnerable when it comes to data breaches. Just type into Google the famous and most significant data breaches in the world and you will find heaps of results.
Big companies and organizations are trying their best to avoid data breaches. They are focusing their efforts and resources in dealing with external threats and insider risks, which are the factors that cause data breaches. However, this should not be the case. What companies and organizations need to do to reduce data breach threats are awareness training and governance access. These may not entirely avoid data breaches, but it can mitigate any employee risk.
Many companies and organizations have been involved with data breaches caused by insider risks. Moreover, this case continues to grow each year. This has proven to cause significant damage to companies and their resources. You cannot just ignore insider risk, because if you do, there will be greater consequences that will happen. Even big companies and organizations are at risks.
As proof, here are some of the biggest data breaches that made headlines around the world.
One of the largest banks in the world, SunTrust, experienced data breach when one of its former employees successfully stole details to over 1.5 of the bank’s clients. According to the bank’s report, the breach happened in April and the information that was taken included names, contact information, and account balances. It was proven that an insider was responsible for the data breach. All the information that was stolen is bound to be sold to a third party.
The bank only found out that there has been a breach in their system when the culprit tried to print the records. This happened in February.
2. Punjab National Bank
Another data breach that made headlines around the world and that has caused billion-dollar damages happened at the Punjab National Bank. Punjab National Bank is the second largest state-run bank in India. The data breach damage resulted to over $1.8 billion. The crime happened in April and the bank already filed police reports to suspects who are jewelers that colluded with the banks’ two employees.
The data breach was a money transfer. It started when the jewelry firm opened a letter of credit to import its product of precious stones. The owner of the jewelry firm is Indian national Modi who is a well-known billionaire. The transaction between Modi and the two bank employees didn’t raise suspicion at the beginning. It was normal for a bank to pay suppliers on behalf of its clients who is Modi, and recover the money from the supplier's later on. However, it is uncommon to extend a letter of credit if the client is not able to pay in full on the said term. Because of this, the bank suspected that shady things are happening in the inside.
So they were right. The employees involved were issuing fake documents to obtain loans and transfer the money overseas so it won’t be tracked. With the counterfeit documents, the insider used SWIFT networks to move the money. This transaction is not recorded. That is why the bank was not able to find out sooner.
It is very worrisome that one of the high and advanced technology company Tesla to experience a data breach. Happened in 2018, a Tesla employee misappropriated highly sensitive information of the company and sold it to unnamed outsiders. According to Tesla CEO Elon Musk, the employee tried to make changes in the Tesla Manufacturing Operating System with the use of fake credentials. They were also exporting data to unknown third parties.
According to reports, the employee involved admitted the crime and said that he is only doing that because he thinks that the company is acting inappropriately. He created codes periodically to transport gigabytes of company data to an outside organization.
Some of the things that were hacked include confidential photographs, video of the company’s manufacturing systems and processes and even some financial details.
4. Florida Virtual School
Florida Virtual School experienced a data breach when the information of its 368,000 students was made public. This is dangerous as it can result in potential identity theft. Other information that hacked is from 1,800 faculty members. The information that was made public include social security numbers, addresses, and phone numbers. All of this information was stored on a single server. Also, this single server was left open without any password.
Florida Virtual School is the largest state-run virtual school in the US. It serves 6,000 full-time students and there are also other students who are taking online courses.
5. Pennsylvania Department of Education
An employee error caused the data breach that happened with the Pennsylvania Department of Education. Because of this, data and information belonging to all its systems user including teachers, school district officials, and the Department of Education staff were compromised. The data are records from teachers that are applying for the department and are holding certifications. They are using this kind of data to review applications and verify certifications.
The data breach that happened on February 22 around 12nn lasted for 30 minutes. During that time, anyone logging in on the system can see information of the teachers, district officials, administration and staff that include Social Security numbers.
As a precaution, the department offered free credit monitoring service to all the affected. Over 360,000 were affected by the said breach.
6. BJC Healthcare
BJC Healthcare, one of the largest healthcare systems in the United States had a data breached in January that compromised the personal information of all their patients. The breach was allowing access to their system without authentication. The information that was compromised includes Social Security numbers, driver’s license, addresses, contact numbers, date of birth, among others. There were 30,000 patients in the system.
According to an investigation, there was an error in the server configuration. The server was immediately reconfigured to prevent data loss and access.