Data Breach

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented

Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly.

Here are three of the worst data breaches that could have been avoided:

Yahoo

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. The breach was unveiled three years later, during the process where Verizon was acquiring Yahoo.

Yahoo initially reported that 1 billion users had been affected, but the number turned out to be much higher. The attack and lack of transparency from Yahoo reduced the price Verizon had to pay for the acquisition. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. This allowed hackers to breach many user accounts.

Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack. The attack is a good reminder of how critical strong encryption is in protecting your website users. This attack could’ve easily been avoided if Yahoo had invested more in the security infrastructure.

SolarWinds attack on U.S. government agencies

In February 2021, several U.S. government agencies and large organizations were hit by cyberattacks due to a vulnerability in their IT infrastructure provider – SolarWinds.

Many government agencies and Fortune 500 companies use SolarWinds, which contributed to the severity of the attack. Because of SolarWinds’ deep integration with other software solutions, organizations were forced to continue working with it despite knowing that a breach had occurred.

SolarWinds employees claim that the attack resulted from a weak password that an intern had used – “solarwinds123”. The attack affected thousands of SolarWinds’ clients, causing billions in damages.

All of that could’ve been avoided had SolarWinds implemented a strong password policy. Weak passwords are the easiest way hackers can hack into a system. Organizations must have a robust password policy. One way to help enforce such a policy is by providing employees with a password manager for easy password generation and storage.

Target

Near the holiday season of 2013, hackers exposed the credit and debit card information of over 110 million Target customers. Because it was impossible to recover the data, Target had to pay tens of millions in damages to affected customers. The attack happened around Black Friday, which was particularly bad for business due to the bad publicity.

The hackers used social engineering techniques, sending phishing emails to several of Target’s vendors, and successfully breached Target’s network. They then installed malware, which helped them obtain customers’ credit/debit card information.

Organizations are now very interconnected and depend on the services of vendors, suppliers, and other entities. Focusing on your own cybersecurity practices isn’t enough. You must also worry about that of your third parties. Before engaging in business with a third party, ensure that they meet your cybersecurity standards. You can do so by sending questionnaires or through security ratings.

Final thoughts

Organizations are constantly under threat of data breaches. Attackers are relentless and regularly discover new ways to harm. While eliminating the risk completely is impossible, there are a few things organizations can do to improve their cybersecurity posture. Here are some of them:

  • Strong encryption
  • Strong password policy for employees
  • Third-party risk management
  • Educate employees about cyber risks

About the AuthorAnas Baig

With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley based company – Securiti.ai. He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breaches)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

1 hour ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

15 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

22 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.