Top 10 Information Security Breaches

Information security is a high-profile issue that is never far from the news – whether it is lost laptops or a full-blown cyber attack. Confidentiality, integrity and availability of information are serious concerns for any business leader today. Here are some of the most serious security breaches that have made the news in the last 5 years.

  1. 2007 – TJX (parent of TK Maxx) hacked: information stolen on tens of millions of credit and debit card details – unprotected wireless network
  2. 2007 – HM Customs and Excise chairman forced to resign: 2 disks lost in internal post containing personal information of 25 million families in the UK
  3. 2007 – HSBC Bank fined £3.2 million by FSA for losing details of 180,000 life insurance customers – unencrypted floppy disk lost in the post
  4. 2007 – Nationwide Building Society employee laptop stolen from his home containing confidential customer details – failure to manage or monitor downloads of data onto portable devices
  5. 2008 – Bank of New York Mellon suffers physical security breach – potential compromise of personal details of 12.5 million customers – lost data backup tape
  6. 2009 – Heartland Payment Systems hacked: tens of millions of transactions compromised – computers infected with malware
  7. 2011 – RSA subject to sophisticated and targeted attack that began with ‘spearphishing’ email
  8. 2011 – Epsilon email marketing company could face $4 billion in damages: customer databases of names and email addresses hacked – sophisticated ‘spearphishing’ campaign
  9. 2011 – DigiNotar (Dutch web certificate issuer) files for voluntary bankruptcy – hacker attacked operational IT systems and generated fake certificates. Loss of reputation is cause of downfall.
  10. 2011 – Sony PlayStation Network suffers security breach. Up to 24 million users affected and personal, billing and password security questions stolen. Sony expects to pay out $171 million in new protection, welcome back, customer support programmes and legal costs.

Information risk is often seen purely as a technical issue but, as the variety of incidents in the list above shows, this is not the whole story. It’s a very human risk too. There is a need for parity and balance, looking at risk across the board: the right mix of physical, procedural and technical controls, in line with your business objectives.

This post introduces a series of articles. We’re not in the business of scaremongering (there is too much fear selling in our industry and we don’t want to add to that!) so in each article we’ll give you advice on how your company can avoid the situation these unfortunate organisations have faced, highlighting the positive business advantages if you get information security right.

6 thoughts on “Top 10 Information Security Breaches”

  1. […] Risk and Technology, Information Security Advice / Information Risk is NOT just an IT Issue « Top 10 Information Security Breaches (and how to avoid them) BT’s Major Broadband Outage and Being Prepared For Information Risk […]

  2. Ruth Cox says:

    What happened to Sony was really worrying. As opportunities for information risk increase it’s important to be aware of what can be done to minimise it, especially for global corporations.

  3. Dave James says:

    Thanks Ruth, really pleased the article struck a chord with you. Certainly agree that global corporations should be concerned and actively mitigating the likelihood of these big newsworthy compromises happening again. Unfortunately in our ever more connected world, where we are only as strong as the weakest link, everyone needs to up their game. For home users there is great information provided by the Government initiative ‘Get Safe Online’ which reminds people of the basics. At the micro and small end of the SME market the Get Safe Online advice applies equally. The big enterprises can afford the big solutions (although looking at the compromise lists shows that money alone doesn’t solve the problem), but mid and upper end SMEs need a different approach, which is where Ascentor’s approach is targeted. With Ascentor’s holistic approach to information risks you can reduce your exposure to risk, helping secure a long term future, without it necessarily costing the earth.

  4. […] saw a number of serious information security breaches— the Sony Playstation network’s hack probably the most high profile of all. These have made […]

  5. […] information held on mobile devices and removable media. Encryption is most valuable here. The HMRC incident would not have been anywhere near as catastrophic if the CD containing all that […]

  6. […] Top 10 Information Security Breaches (and what you can do to avoid them) Tagged: human factor, Information security, security awareness programmes, social engineering Published: April 23, 2012 in Information Risk Management, Information Security Incidents, Security controls Comments: […]
