Information security is a high-profile issue that is never far from the news – whether it is lost laptops or a full-blown cyber attack. Confidentiality, integrity and availability of information are serious concerns for any business leader today. Here are some of the most serious security breaches that have made the news in the last 5 years.
Top 10 Information Security Breaches
- 2007 – TJX (parent of TK Maxx) hacked: details of tens of millions of credit and debit cards stolen – unprotected wireless network
- 2007 – HM Customs and Excise chairman forced to resign: 2 disks lost in internal post containing personal information of 25 million families in the UK
- 2007 – HSBC Bank fined £3.2 million by FSA for losing details of 180,000 life insurance customers – unencrypted floppy disk lost in the post
- 2007 – Nationwide Building Society employee laptop containing confidential customer details stolen from his home – failure to manage or monitor downloads of data onto portable devices
- 2008 – Bank of New York Mellon suffers physical security breach – potential compromise of personal details of 12.5 million customers – lost data backup tape
- 2009 – Heartland Payment Systems hacked: tens of millions of transactions compromised – computers infected with malware
- 2011 – RSA subject to sophisticated and targeted attack that began with ‘spearphishing’ email
- 2011 – Epsilon email marketing company could face $4 billion in damages: customer databases of names and email addresses hacked – sophisticated ‘spearphishing’ campaign
- 2011 – DigiNotar (Dutch web certificate issuer) files for voluntary bankruptcy – hacker attacked operational IT systems and generated fake certificates. Loss of reputation is the cause of its downfall.
- 2011 – Sony PlayStation Network suffers security breach. Up to 24 million users affected and personal, billing and password security questions stolen. Sony expects to pay out $171 million in new protection, welcome back, customer support programmes and legal costs.
Information risk is often seen purely as a technical issue, but as the variety of incidents in the list above shows, this is not the whole story. It’s a very human risk too. There is a need for parity and balance, looking at risk across the board: the right mix of physical, procedural and technical controls – in line with your business objectives.
This post introduces a series of articles. We’re not in the business of scaremongering (there is too much fear selling in our industry and we don’t want to add to that!) so in each article we’ll give you advice on how your company can avoid the situation these unfortunate organisations have faced, highlighting the positive business advantages if you get information security right.