• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Most talked about security fails of all time

July 1, 2016 by Secure360 and UMSA

most talked about security fails

Copyright: 123rf/alphaspirit

In honor of their 10-year anniversary, Dark Reading wrote an article discussing the biggest failed security trends, technologies and tactics from the past 10 years. Secure360 is using their post as inspiration for our own quick post on some of the most talked about security breaches and hacks from the past few years and our key takeaways. While we hate to see major businesses in the news for failing at security or missing the mark, we can learn a lot from their errors on what our own businesses should be doing.

Without further ado, here is our list of the most talked about security fails of all time:

TJXX Breach | 2006

In 2003, a hacker managed to infiltrate TJX chains, including Marshalls and TJ Maxx, and stole 94 million customer credit card and debit card numbers. The breach was not discovered until the next year, and Visa reported fraudulent transactions on those accounts in 13 different countries. A cybercriminal named Albert Gonzalez, called “Soupnazi,” is now serving 20 years for the crime. Although not believed to be responsible for the attack, a group of people in Florida were charged for buying customer credit card data from the hackers and then used that data to purchase $1 million dollars’ worth of electronic goods and jewelry from Walmart. This breach is still considered one of the biggest retail data breaches of all time.

What was learned: The payment-card industry needed to update and release standard guidelines for securing wireless networks.

Heartland Payment Systems | 2008

134 million credit cards were exposed through SQL injection to install spyware on Heartland’s data systems. A federal grand jury indicted Albert Gonzalez (you guessed it, the same criminal mentioned in the TJXX breach) and two unnamed Russian accomplices in 2009. Gonzalez, a Cuban-American, was believed to have masterminded the international operation that stole the credit and debit cards.

What was learned: The vulnerability to SQL injection was well understood and security analysts had warned retailers about it for several years. Yet, the continuing vulnerability of many Web-facing applications made SQL injection the most common form of attack against Web sites at the time.

Target | 2013

The retail giant initially announced that hackers had gained access through a third party to its point-of-sale (POS) payment card readers, and had collected about 40 million credit and debit card numbers. But by January 2014, the company was changing their story and upped that estimate, announcing 70 million customers had been compromised. That included full names, addresses, email addresses and telephone numbers. The final estimate is that the breach affected as many as 110 million customers. Target’s CIO resigned in March 2014, and its CEO resigned in May. The company recently estimated the cost of the breach at $162 million.

What was learned: Still fresh in many of our minds, there are a lot of key takeaways for retailers from this attack. Ultimately, it was felt that Target ignored certain red flags, and then failed to get to the bottom of the hack timely and plan a successful recovery.

Anthem | 2015

In February of 2015, hackers broke into healthcare giant Anthem’s servers and stole up to 80 million records. Anthem is the parent company of several well-known healthcare providers, including Blue Cross and Blue Shield. The attack began with phishing emails sent to five employees who were tricked into downloading a Trojan with keylogger software that enabled the attackers to obtain passwords for accessing the unencrypted data. This breach included the theft of millions of medical records thought to be worth 10 times the amount of credit card data. It is suspected that the stolen health records will be sold on the black market in the future.

What was learned: Anthem announced the breach much quicker than the Target breach was announced, in the best interest of both the organization that suffered the data breach, and the individuals whose data has been compromised. The Anthem attack targeted network administrators, encouraging businesses to watch admin activity.

This is only a small list of the some of the most talked about breaches since 2000. Which other breaches would you include on the list and why?

Filed Under: Business Continuity Management, News and Events, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 4 days ago

  2. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 5 days ago

  3. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 1 week ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.