Attacks/Breaches
3/9/2011
06:24 PM
Jake Widman
Jake Widman
Slideshows
Connect Directly
RSS
E-Mail
50%
50%

10 Massive Security Breaches

They make the news on a regular basis: incidents in which a company or government agency's security is breached, leading to a loss of information, personal records, or other data. There are many ways to measure the size or cost of a security breach. Some result in the loss of millions of data records, some affect millions of people, and some wind up costing the affected businesses a lot of money. Not to mention, the questions of you calculate the value of personal medical information vs. credit
Previous
1 of 11
Next


In February 2007, TJX, parent company of discount stores T.J. Maxx and Marshalls, disclosed that thieves had stolen information on possibly tens of millions of credit and debit cards. The company first thought its systems had been compromised for about eight months, but it turned out the vulnerability might have lasted for almost a year longer than that. The incident wound up costing TJX millions of dollars paid to the FTC, credit card companies, banks, and consumers. Oh, and 11 hackers were eventually arrested for the break-in.

Security breaches have only increased in scope and frequency in recent years, as more businesses store their data in digital files and thieves become increasingly sophisticated in how they gain access to those files. But sometimes the attacks aren't sophisticated at all -- sometimes they just occur because someone got careless with a physical object. That's old-school data theft, no hacking required.

See Also

Nasdaq Confirms Servers Breached

Online Dating Site Breached

Two Arrested For AT&T iPad Network Breach

Schwartz On Security: First, Know You've Been Breached

100,000 Credit Cards Compromised By Data Breach

Gawker Details Missteps Behind Security Breach

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio