San Francisco experienced data breaches this year, unfortunately. Large organizations, hospitals and social media giants have been hit by hackers causing stress, anxiety and likely a reduction in sleep for those involved in the situation. As business owners, employees and individuals that participate in a technology-driven world, it’s important to take a look back at the security and data breaches that have happened. Not with the goal of dwelling on the negative aspect that hackers try to bring, but rather to stay informed, stay up-to-date, to be prepared and to develop a good strategy to help prevent these issues for your organization, or for yourself.
So, let’s take a look back at some of the breaches that have occurred over the past year.
DocuSign, an electronic signature technology organization, was targeted and hacked. The result was the theft of client email addresses. Client personal data, passwords and client documents were untouched. You might be thinking: how bad can it be if all they got were email addresses? It’s still bad. These hackers are now impersonating DocuSign and sending clients malicious emails that include a link to a downloadable Word document that contains malware. Although DocuSign clients have been made aware of the situation, it just takes one slip-up and you’ve got malware installed on your computer.
San Francisco General and Laguna Honda
A former employee of Nuance Communications caused this breach, and compromised 900 patient records. In this situation, the former employee illegally accessed patient records including names, dates of birth, medical record numbers, patient numbers and details about patients’ conditions and diagnoses. All patients were notified of the situation, personal data was recovered and it is believed that no data has been offered for sale online.
A ransomware attack caused data theft of employees and customers of this concert and sports ticketing website. Hackers obtained names, addresses, email addresses and phone numbers of potentially 27 million people.
Hackers took full control of around 30 million user accounts which impacted profiles, user log-ins, passwords and recovery phone numbers, and some of this information was altered causing even more issues for the user. Another 40 million users that logged onto a third-party site using their credentials from Facebook were also likely impacted.
Hackers caused major issues with user log-ins, passwords and emails, and changed recovery phone numbers. Instagram had 1 billion users in August 2018, which means the attack could have been pretty widespread.
Data systems were breached and account credentials and email addresses (leading up to 2007), and user names and corresponding email addresses (from June 2018) were affected. The time spans vary, but users of Reddit are vast – 1.55 billion unique visitors in June 2018.
The customer prospecting database was stolen from this sales automation software company. This database included around 200 million contact records and included information such as names, job titles, phone numbers, email addresses and in some cases, client data.
In this case, private information like user passwords was revealed because the passwords were not obscured during security hashing processes. Although the exact number of those impacted isn’t official, there were 336 million users in May 2018.
Unfortunately, this impacted both drivers and customers. Hackers stole names, phone numbers, email addresses and driver’s licenses from potentially 57 million user accounts.
Names, email addresses, occupations, gender and age of users that were not marked public were exposed to third-party app developers, which could have impacted up to 500,000 users.
Yep, it’s been a stressful year.
Now, let’s take a look at some of the common software that hackers and cyber criminals use to cause this havoc.
Yep, it’s as ugly as it sounds. Hackers develop and use this software to block access to a computer system or a database until their demand is met. This demand is typically money. And, if the demand isn’t met, that same hacker threatens to destroy the company’s database or leak it online. Unfortunately, it has become easier for hackers to access a company’s database, which makes ransomware a favorite for many hackers. Although the sum of money that they typically ask for is relatively small, around $1,000, over time this adds up. It was predicted that ransomware damages would cost the world $8 billion in 2018, and $11.5 billion in 2019. That is a lot of ransomware attacks!
A relative of ransomware, ransomcloud focuses on your emails in the Cloud. In this case, the hacker locks down your email and infects it, and sends you an email with their threat, along with details that all of your emails have been encrypted and you cannot read them. The goal again is typically to get money from you. Ransomcloud typically starts with a phishing email disguised as a new anti-spam service and encourages you to click on a link to accept a new application. And, once you click, the cyber thieves work their terrible magic.
Malware and ransomware are similar. The difference between the two is that ransomware is used to try to extort money, while malware is designed to damage, disrupt and/or gain access to your computer system. Basically, it causes you a lot of problems.
Aside from causing employee, customer and public panic, breaches and malicious software cost organizations money, and lots of it. According to a report by the Ponemon Institute, the average cost of a data breach has increased 6.4% to $3.86 million over the last year. And, the cost of stolen records full of sensitive data and confidential information increased an average of 4.8% to $148 from the previous year. Not good.
There is GOOD NEWS!! We have some steps that your organization can take to protect itself.
As mentioned in the beginning, stay informed and stay up-to-date. Reading articles like these and adding the Intivix blog to your regular reading list is an excellent start! What else can you do? We’re glad you asked:
- Your employees are your first line of defense against many of the potential threats. Train them to watch out for suspicious emails and let them know when new threats come out. Keeping your employees informed, on a regular basis, helps protect them and the organization.
- Utilize a reputable IT Services company to test your current system. They’ll be able to assess your security and provide a list of items that should be done/implemented to create a better defense against hackers.
- Back up your system and data regularly. There is no such thing as backing up too often. If your data is backed up at an off-site cloud data storage site, it will be easy and painless to restore the data, if the need arises.
- Regular patches and updates are a must because they keep your network protected.
- If you are unsure of the sender, or if the link looks suspicious, do not open the email, click on the link or open the attachment. Instead of clicking the link, type the website address directly into your browser to determine if it is valid.
- Keep an eye out for typos. Many phishing emails contain obvious spelling errors.
- Review app permissions, and make sure the app you are downloading is reputable.
- Use multi-factor authentication when available, which means at least two forms of identification are needed to log in to confidential accounts.
- Use passwords, and don’t use the same password more than once, or across multiple websites.
And, know that help is available to protect you from those who are trying to cause you and your business harm. Our IT professionals have immense technical expertise and an extreme distaste for the cyber criminals of the world.