When Network Security Fails: The 5 Biggest Data Breaches in Year 2017

Equifax

Perhaps the most notorious attack of the year targeted Equifax, one of the largest credit bureaus in the country. Hackers were able to steal data from a reported 145 million people, making it one of the largest hacks of all time. Sensitive information such as birth dates, social security numbers, home addresses and more were stolen.

The hack was discovered two months later and can pose a massive threat to victims for years because of identity theft. The attack on Equifax has lead to some controversy over whether or not data brokers like Equifax should become more tightly regulated. These firms store our personal information and then sell it; and when they lose, we all lose. As of December 2017, the person(s) responsible for the Equifax hack still remains a mystery.

Yahoo

In late 2016, Yahoo CEO Marissa Mayer announced that around 1 billion Yahoo accounts had been compromised. After further investigation in 2017, the reissued a statement claiming that all 3 billion of their accounts had been hacked. This attack is in addition to a separate attack in 2014 that had compromised an estimated 500 million accounts. Hackers deciphered Yahoo’s encryption and made off with user’s names, birth dates, phone numbers, and passwords.

According to the New York Times, while the usage of this stolen data has yet to be discovered, a group of hackers in Eastern Europe has started offering it up for sale. While a Canadian hacker plead guilty to the 2014 attack, no one has been held responsible for the larger attack just yet.

NSA

Last year a group known as the Shadow Brokers released a set of hacking tools believed to be owned by our National Security Agency. The tools allow the user to compromise several Windows operating systems and servers. These tools have been used in a number of cyber attacks around the world, including on the American drug company Merck, as an example. The tools were also used to develop the cyber attack dubbed ‘WannaCry’.

WannaCry

The ransomware attacked Windows computers and victimized over 200,000 people. The malware is designed to bypass computers’ defenses and encrypt critical system files. Hackers then demand three to six-hundred dollars for the unlock codes. The attack lasted just four days but spread to over 150 countries with over 300,000 computers infected. Estimates suggest that hackers collected around $130,000 during the attack, and some victims reported that they had not received unlock codes even after paying the ransom. On December 18th, 2017, the US Government issued a statement alleging that they believe North Koreans were responsible for the hack, stating that they have done plenty of research to back up their claims. Despite their claims, North Korea denies any involvement with the hack.

Dark Overlord

This hacking group has gained plenty of notoriety for attacking large companies like Netflix, and most recently even school districts. They previously attempted to extort Netflix after hacking Larson Studios and leaking the new season of “Orange is the New Black”. According to the Daily Beast, a hacker from the group claims that they have ramped up the intensity of the attacks in direct response to the FBI urging victims not to negotiate with the group.

Dark Overlord has most recently directed their attention to local school districts, hitting schools in Columbia Falls, Montana and Johnson County, Iowa. Their most recent strategy has been to target schools with poor network security, extract sensitive information and demand a ransom in exchange for the destruction of the sensitive data.

Given the wide range of targets for these attacks, it’s hard to draw parallels and define patterns. Any business can become a target. Don’t become a victim, protect yourself by hiring a competent IT Support Provider like Techsperts.