The Data Breach Deluge of 2011


Joe Purcell Posted by

Millions of online accounts have been compromised so far this year alone. The growth of data stored online is unprecedented, but data security is not keeping pace. The data breach deluge of 2011 is swelling larger than ever before and calls for better security measures to be implemented by all online services from gaming to banking.

Just how bad is it? Really bad. I will include links to references so that you can see for yourself the impact and nature of these breaches. Let’s take a look at breaches just in the past few months:

This list doesn’t even include the numerous other sites and companies that have been attacked in this time period as well: the Labour Party, CNN, Automatic Data Processing (ADP), Lockheed Martin, the US Senate, the CIA, the IMF, PBS, Epic Games, L-3 Communications, Google, and almost 50 others.

The personal information compromised in these breaches include anything from social security numbers to credit card numbers to just email addresses, usernames, and passwords. Covering up these blunders costs companies millions. The case of the Texas comptroller alone has already cost $1.8 million. As one states, 2011 is set to be the worst year ever for security breaches.

The groups Anonymous and LulzSec have been linked to a number of recent attacks, though certainly the network of hackers is much larger. In response to the significant amount of online plundering, legislation known as the Data Security and Breach Notification Act will require companies to notify authorities and customers within 24 hours of a breach. Hopefully, new legislation will be a catalyst to better security policies.

It has been said that the only secure computer is one that is not on a network. Though it is true that most businesses could not sustain sophisticated attacks, like the one on EMC’s RSA, most of the attacks are not sophisticated. The majority of attacks focus on basic loopholes like SQL injection, security loopholes in servers that haven’t been upgraded (Sony), unencrypted data (Sony, Citigroup, etc), and passing data insecurely through URLs (Citigroup).

Even keeping up to date on the latest security breaches on Yahoo Pipes, the Web Hacking Incident Database, or the DataLossDB, can give network administrators insight into what security loopholes to look for in their own networks. To avoid a PR nightmare and a huge cleanup bill, organizations need to take their online security much more serious.

About the Author: Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.

Leave a Reply