Attacks/Breaches

11/15/2016
09:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

The 7 Most Significant Government Data Breaches

Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets.
Previous
1 of 8
Next

Data maintained by Privacy Rights Clearinghouse shows that federal and state government agencies publicly disclosed a total of 203 data breaches over the past five years.

In all, the breaches resulted in nearly 47 million records being stolen, exposed or otherwise compromised. The number of breached records does not include the numerous cases where agencies either did not disclose the scope of their data breach or the actual number of records that might have been involved.

It also does not include data from incidents like Edward Snowden’s theft of classified documents from the National Security Agency (NSA) or the recently disclosed theft of 50 TB of government data by another former contractor for the NSA and other federal agencies.

In terms of raw numbers, federal and state government agencies suffereda lot fewer breaches and exposed fewer data records than private companies. PRC numbers show that between 2012 and 2016 for instance, financial and insurance companies, retailers, and other businesses disclosed some 950 breaches involving 244.5 million records.

What makes the government breaches more significant though is the kind of information involved. In a majority of cases, government breaches involved personally identifying data, such as names, Social Security numbers, and birthdates, the loss of which have substantially greater consequences for victims than breaches involving loss of credit card data or email account information. In a few cases, the breaches involved loss of top secret and highly confidential data of national security value.

Here, ranked in ascending order of severity, are seven of the most significant government data breaches of the past three years.

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ClaireEllison
50%
50%
ClaireEllison,
User Rank: Apprentice
11/21/2016 | 4:22:24 PM
Re: amazing
A great post with good questions/ But how to avoid that? I really wanted to send a small word to say thanks to you for the fantastic points you are writing on this site.
ONI SEO
50%
50%
ONI SEO,
User Rank: Apprentice
11/18/2016 | 11:34:05 AM
Mr ROBOT comes soon?
A great post with good questions/ But how to avoid that? What kind of solutions?
kbannan100
50%
50%
kbannan100,
User Rank: Apprentice
11/17/2016 | 10:59:38 PM
It's going to take a village
These breaches are just the tip of the iceberg. We all know that. One of the biggest problems is the amount of unsecured endpoints that are out there. Things like printers that aren't secured and laptops that aren't running antivirus or -- if they are -- have not been patched. It's going to take a lot more work on everyone's behalf before the good guys get ahead of the criminals. 

--Karen Bannan for IDG and HP
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.