Security Blunders of 2017: What to Expect for 2018
2017 was a year of data security “uh-ohs”. Sensitive information was unintentionally exposed on the Internet due to mainly forgetfulness and careless mistakes. Many were involved in the year’s biggest blunders, from Equifax to Uber. Despite promising efforts from artificial intelligence and machine learning programs, it seems 2017 proved that these innovative technologies can't sufficiently protect our most sensitive data from even more complex attacks. The cybersecurity company UpGuard, says that “There has been no accompanying revolution in how professionals tasked with administering the increasingly complex systems do their jobs…they are fighting this battle with weapons from the last war and the results have been disastrous.” This basically means that while IT is increasingly wider spread among computer industries, employees meant to keep data breaches at bay, are having a difficult time while using mostly outdated skills and software.
That being said, these are some of the most significant data hacks and leaks of 2017…
Right out of the gate, perhaps the most notable of 2017 breaches came from Equifax, the consumer credit reporting agency back in September. Five months after the breach actually occurred, Equifax came clean and let everyone know that in the spring, hackers had got a hold of over 140 million Americans' sensitive information such as social security numbers. They got everyone affected by the breach to sign legal documents preventing them from joining a class-action law suit. They then proceeded by directing the hacking victims to a false phishing website, which then stole even more sensitive information.
Check it out: Equifax Hack (Infographic)
The NSA (National Security Association) has found weaknesses in commonly used software tools for years, but instead of alerting those companies affected by the found vulnerabilities, they hid those secrets for future use. The Shadow Brokers, a hacking group, stole a ton of those software secrets held by the NSA, then let them loose all over the Internet. North Korea eventually got a hold of one of those hidden hacking techniques to go target Windows, which resulted in ransomware called “WannaCry”, which ended up bringing down nearly 230,000 computers around the globe.
Check it out: The WannaCry Virus Timeline
Are you more of a cat or a dog person? No need to answer because most likely, your preference was exposed already. Alteryx is a marketing and analytics firm that left a database containing information about over 120 million American households unsecured and open to the public Internet. The exposed database likely contained 248 information points for each household exposed including addresses, phone numbers, magazines you subscribe to, ages of your kids, and yes, even if you’re more of a cat or dog person.
Oh Uber, the reliable and affordable transportation system that many of us have come to know and use on the regular. If you ride with Uber, you know that in order to create a rider account with them, you sign up with your full name, phone number, and credit card information. Unfortunately, in November, Uber revealed that they paid hackers $100,000 to stay quiet about a breach from October 2016 that released the information of 57 million customers’ personal data while 600,000 drivers had their names and driver’s license numbers stolen. Uber insists that the stolen data was not used for any heinous purpose, but it is still a concerning issue that they tried to bury the breach instead of immediately reporting it to those affected as well as authorities.
Check it out: Uber Data Breach (Infographic)
So Where Do We Go from Here?
New year, new blunders? While it may seem like hacks and breaches are the new normal, the UpGuard co-founder Mike Baukes says that instead of accepting this unfortunate reality, the best thing to do moving forward is for larger companies to commit more resources to alleviate risks and for politicians to step up to protect victims of hacking. There should be a law mandating that notification and preservation of data, needs to be timely. To be clearer, (talking to you companies who harbor sensitive customer information) if you know data has been hacked, don’t wait to share it. Let people and the appropriate authorities know that their private information is spreading across the web.
Check it out: Protect Your Data With These 6 Steps