The 10 Worst Data Breaches of 2013


Adobe: 150 million exposed account credentials, leading to secondary breaches all over the Internet

You can’t tell the story of 2013 without Adobe, said Scott Simkin, senior product marketing manager, Palo Alto Networks. It was a breach unique in both scale and, more interestingly, the asymmetric ripple effects across the security landscape. First disclosed by Brian Krebs, the story brought an official statement from Adobe, with research revealing that more than 150 million user IDs with hashed passwords were stolen, including at least 38 million active users. Second, it showed how lax security efforts can be, even in a large tech company. The breach reportedly occurred in August or September, but Adobe did not become aware until September 17, and then it failed to notify the affected users for over two weeks.

Initially, the breach was thought to be much smaller until people started getting their hands on the breached data that was published, according to AppRiver Security Analyst Jon French. The leaked file from the breach contained email addresses, encrypted passwords, and even password hints for Adobe users. Along with the user data breach, some source code was stolen for Adobe products as well. This code could be used by malware writers to program viruses to be more effective in attacks against that software.

According to the Identity Theft Resource Center, as of December 3, 558 breaches have been reported in 2013, and we still have nearly a full month left for more potential breaches. These breaches hit across industries; no one is immune. In late November, BitSight Technologies released a report that investigated how well specific industries were doing in their security efforts. According to the survey, the financial industry has performed the best when it comes to security effectiveness.

At the bottom of the list was the technology industry.

Not surprisingly, a number of the worst security breaches of 2013 happened within the tech industry. In fact, when asked to list the top security breaches of the past year, security experts overwhelmingly named the Adobe breach, followed closely by the more recent Pony botnet attack that focused on companies like Google and Facebook.

One of the more surprising breaches named by experts was former NSA contractor Edward Snowden’s leaks about the extent of the U.S. intelligence community’s Internet surveillance. The data breach was significant for many reasons, starting with what was revealed: pervasive signals intelligence, subversion of encryption standards, collaboration with overseas intelligence communities and many other bombshells.

Other breaches were more predictable, involving stolen devices or phishing scams. Many of the breaches are blamed on foreign hackers and cyber criminals. But the end result is that all of these breaches caused significant damage to businesses and customers. As Costin Raiu, director, Global Research and Analysis Team, Kaspersky Lab, stated:

We predicted 2012 to be revealing and 2013 to be eye opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organization or person can become a victim. Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects. Those who hold data could be of value to cybercriminals, or they can be used as ‘stepping-stones’ to reach other targets.

Here is a list of the worst data breaches of 2013.

