Top 10 Breaches of 2012

By: Absolute Team | 12/28/2012

With 2012 drawing to a close, it’s time to look at how we fared this year in terms of data breaches in North America. Compared to the number of reported breaches for 2011, the data does not look promising. Compared to the figures we shared in 2011, the overall picture of data breaches continues to be dismal:

  • reports 641 breaches affecting over 26.4 million records (up from 557 breaches affecting 30.6 million records)
  • reports 1362 incidents worldwide (up from 1077 in 2011)
  • ITRC reports 406 breaches affecting over 17.1 million records (compared to 414 in 2011 affecting 22.9 million)
All of these numbers are very conservative, based upon definitions of what constitutes personal information as well as withheld information on breach size or even knowledge of breaches.

Top 10 Data Breaches in the US of 2012

  1. Zappos - 24 million customer accounts were compromised after a hacker accessed their databases. To their credit, passwords were hashed and credit cards were encrypted
  2. LinkedIn - 6.5 million passwords were stolen by hackers exploiting a common SQL injection attack on data with weak encryption
  3. Elections Ontario - 2.4 million Ontario voters personal information was put at risk after two portable drives went missing
  4. New York State Electric & Gas and Rochester Gas and Electric - 1.8 million affected by hack into company databases
  5. Global Payments - 1.4 million credit card numbers were breached by a hacker, an incident that cost the company over $84 million
  6. South Carolina Department of Revenue - 3.3 million unencrypted bank account numbers and 3.8 million tax returns - an employee fell for a phishing attack that enabled hackers to leverage employee access rights
  7. Nationwide and Allied insurance companies - hackers accessed servers affecting 1.1 million consumers
  8. California Department of Child Services - 800,000 affected when backup tapes fell off a FedEx truck
  9. Utah Department of Health - 780,000 people affected when hackers exploited poor authentication configuration on a new server
  10. Yahoo - 450,000 passwords were breached by a hacker

Data Security Resolutions for 2013

A resolution is a promise to do better in the new year. Here are some resolutions we suggest you make for the year on how to better prevent data breaches and protect personal information:

  1. Conduct a risk assessment yearly, identifying personally identifiable information (PII) and confidential information (CI), where it resides, how it's used, and how it could potentially get exposed
  2. Set user controls for type of data
  3. Set up mobile device policies for all device types (smartphone, USB, laptop, tablet)
  4. Have automated systems in place to control access to data with mobile devices
  5. Set up stronger password systems (requiring minimums, user prompts to change)
  6. Provide regular training for employees on data security (from data handling to phishing to password management)
  7. Encrypt disks and data
  8. Track mobile devices
  9. Keep software up to date
  10. Properly dispose of data you no longer need

The organizational costs of a data breach was $5.5 million in 2011 - let's all vow to reduce this cost for 2013!

If you don't know where to start to protect your data, let us help! Learn more about our solutions here.

Financial Services