Although this is by no means an exhaustive list, SMS PASSCODE’s annual “Top Ten Global Hack Attacks” showcases some of the most high profile hacks this year, showing how prevalent they are and how disastrous the consequences can be:
- US Office of Personnel Management: this breach was one of the biggest ever of US government systems believed – although not proved – to be perpetrated by Chinese hackers. The data theft consisted of stealing addresses, health and financial details of 19.7 million people who had been subjected to government background checks as well as 1.8 million others.
- FBI portal breach: a portal used by police and the FBI to share intelligence and arrest suspects was hacked in November this year and data on arrestees stolen. It is unsure how many people were affected as the FBI didn’t announce figures. This attack is thought to be one of the biggest law enforcement hacks this year. It was perpetrated by the same hackers who accessed CIA director John Brennan’s personal email account earlier this year.
- Ashley Madison: the security data breach that hit the infamous infidelity dating site back in the summer of 2015 was media gold. A hacking collective identified weaknesses in password encryption and used these to crack the bcrypt hashed passwords. The upshot was the personal information – including credit card details – of over 11 million users was leaked on the dark web. And the company has lost its CEO, seen its share price and whatever credibility it had plummet and faces class actions from clients and investors.
- Talk Talk: October this year saw one of the UK’s biggest hacks this year and one that dominated news headlines in the UK for weeks. The mobile phone provider was the target of a bunch of teenage hackers who stole the details of over 20,000 customers. The hackers were quickly identified and dealt with, but the company has been left with a bill of up to ?35 million, having had millions wiped off its share price and is facing law suits from customers and investors.
- Health insurer Anthem: it emerged in October that Chinese hackers had targeted US health insurance company Anthem in a bit to learn more about how medical coverage is set up in the US. Apparently, Anthem has not been the only target, with smaller insurer Premera saying it had been hacked in March, exposing details of about 11 million people. Healthcare data has become some of the most valuable information that can be sold in the online black market, making healthcare companies a prime target for hackers.
- Carphone Warehouse: one of the biggest breaches in the UK this year was when the details of almost 2.5 million customers was stolen back in August, with almost 90,000 having encrypted credit card information stolen. The company said they had been the victim of a sophisticated cyber attack that is being investigated by the industry watchdog.
- Multiple US financial institutions and media companies: hackers stole the details of over 100 million people with banks accounts in what authorities dubbed “securities fraud on cyber steroids.” At least nine banks and other financial institutions, including JP Morgan, plus Dow Jones, the parent company of the WSJ, were targeted by hackers who gained access to a number of systems that helped them to make money from illegal activities including running a digital currency exchange, gambling websites and inflating stock prices. Three men have been prosecuted.
- Vodafone: another UK telco company was involved in a data breach in October, when hackers stole the personal and financial details of 2000 customers. Hackers used emails addresses and passwords acquired from an unknown source to get names, phone numbers, bank sort codes and the last four digits from bank accounts.
- Samsung Electronics: the electronics giant’s subsidiary, LoopPay was hacked back in March this year. LoopPay developed the payment system used to run Samsung Pay, a competitor to Apple Pay, but Samsung said that no user data was compromised during the hack which lasted several months before detection.
- Hilton Worldwide: the global hotel chain has recently been the victim of an attack, which infiltrated its POS terminals, giving hackers unfettered access to customer credit card information. Stolen information includes cardholder names and card numbers, security codes and expiry dates, enabling hackers to shop online or by phone.
Torben Andersen, CCO of SMS PASSCODE says: “This escalation in cyber attacks is only set to get worse. Whether it’s criminal gangs, teenage IT geeks, terrorists or, increasingly, Government sponsored organizations, the cyber threat is constantly evolving as are hackers’ methods. Organizations have to be thinking more laterally about security. As hackers exploit weak or stolen passwords in more than 75% of security breaches and simply log in as normal users to avoid detection, having multi-factor authentication in place is a vital way to step up security.”