Top Ten Data Breaches and Blunders of 2009 – www.esecurityplanet.com
From stolen devices and phishing attacks to buggy apps and human blunders, 2009 was another banner year for data breaches. According to the Privacy Rights Clearinghouse, over 345 million records containing sensitive data have been involved in incidents within the United States since January 2005. But last year, one single breach compromised 130 million records. In an effort to do better this year, let’s recount some of the worst data breaches reported in 2009.
The breaches in the top ten are:
- 10) Los Alamos National Labs (theft of computers and loss of a BlackBerry; an asset management issue)
- 9) Virginia Department of Health (hacker)
- 8) Network Solutions (malware planted)
- 7) Arkansas Department of Information Systems (loss of an archive tape from a vault operated by Information Vaulting Services)
- 6) Oklahoma Department of Human Services (theft of unencrypted laptop)
- 5) HealthNet (loss of a portable storage device)
- 4) CheckFree (DNS hijack)
- 3) RockYou (exploit of a SQL injection flaw, which can really be attributed to a failure to apply basic security practices)
- 2) National Archives and Records Administration (recycling of disk drive procedure issue, drive not encrypted)
- 1) Heartland Payment Systems (exploit of SQL injection vulnerability, installation of sniffer software)
While these breaches all involved technology, many could have been prevented with a bit more common sense and adherence to security best practices. To be sure, there’s room for improvement in security measures themselves. But all too often, data breaches are caused by omissions and errors in policies and processes. In the end, a list like this shouldn’t simply make us shake our heads or shudder—it should teach about blunders that we can and should avoid ourselves.
Read the full story here: Top Ten Data Breaches and Blunders of 2009 – www.esecurityplanet.com.