Lepide Blog: A Guide to IT Security, Compliance and IT Operations

Data Breach Horror Stories: The Worst Breaches of 2017 so far

01-Lepide

In the run-up to Halloween this year, we thought we would share with you some of the scariest data breaches from around the world that have occurred so far in 2017. So, lock the doors, turn off the lights and grab a pillow to hide behind…it’s time to explore the spookiest true data breach stories of 2017 so far.

E-Sports Entertainment Association

Fan of Counter-Strike, Half Life or Warcraft III? If so, you may be familiar with the competitive e-sports video game community that was founded by E-Sports Entertainment Association (ESEA). Technically the data breach was first noticed on the 30th of December, but the full extent of the damage didn’t materialise until early January 2017 (which is why I feel it’s acceptable to include in this list).

More than 1.5 million ESEA records were discovered stolen which is pretty scary in itself. But the real horror comes when you look at the private information the attackers got access to; including full addresses, full names, dates of birth and gaming platform IDs.

InterContinental Hotels Group

We first reported this back in February when it was announced that IHG (owner of numerous famous hotel chains including Crowne Plaza and Holiday Inn) had discovered malware in 12 of their properties. The malware essentially stole the credit card information of anyone who made payments in the on-site bars and restaurants. The malware went undiscovered for nearly half a year. Just imagine how many people had their bank details stolen!

Now for the scary part. Later in the year (April 19th, to be exact), IHG reported that the initial estimate of 12 affected sites had increased…to 1200! If you thought you were safe because you’d avoided those initial 12 locations, think again.

The National Health Service

Now known to be one of the worst ransomware attacks in history, WannaCry effectively brought the NHS (national provider of healthcare in the UK) to its knees. In March, a new strain of ransomware, named WannaCry, hit hundreds of thousands of computers worldwide, including thousands of computers at 16 NHS locations in the UK.

Scarier than a standard ransomware attack, WannaCry had the ability to spread itself across a network by taking advantage of critical vulnerabilities in Windows computers. Hospital staff were forced to revert back to pen and paper for documentation, and surgeries had to simply turn patients away and cancel appointments. Truly terrifying.

Deloitte

No one safe. Even the company once named “best cybersecurity consultant in the world” by Gartner suffered a huge data breach in September of 2017. Even though Deloitte insists that only a small number of their high-profile clients were affected by this breach, the way it occurred should chill you to the bone!

This wasn’t the result of a sophisticated attack by any means, in many ways this was surprising negligence from a high profile cyber-security consultant. Deloitte were not using two-factor authentication on their privileged accounts, even their domain administrator accounts! All it took was for one administrative account to be breaches, and hackers could access all areas of the email system. From one password!

Equifax

September was a bad month for data breaches it seemed, as Equifax, one of the three biggest credit agencies in the US announced that they were the victim of a data breach that affected almost 150 million customers. Simply by exploiting weak spots in the organization’s website software, hackers were able to get access to social security numbers and drivers’ licence numbers, along with names, addresses, dates of birth, credit card numbers and much more.

Many think that this data breach is the worst of all time, simply due to the sheer sensitivity of the data that was stolen in volume, and they could be right…

Yahoo

For the full story of this breach, you have to cast your minds all the way back to 2013, when Yahoo first announced that the data of “possibly more than one billion accounts” had been stolen. At the time, this would have been the largest data breach in human history…
It gets worst though. In October of this year, it was revealed that it certainly was more than a billion accounts affected. A whole lot more. After Verizon acquired Yahoo’s core internet assets, news broke that every single Yahoo customer had been affected by this breach. That’s over 3 billion people.

And the scariest part? Even after numerous in-depth investigations, no one knows who was behind this devastating attack.

So, there you have it. Some of 2017’s scariest data breaches to help kick-start your Halloween celebrations. I want to take a brief moment to let you know that, if you’d rather not be on this list next year, you can use Lepide Data Security Platform to help detect and prevent data leakage, ransomware and much more. schedule a demo with one of our engineers.