Attacks/Breaches

3/9/2011
06:24 PM
Jake Widman
Jake Widman
Slideshows
50%
50%

10 Massive Security Breaches

They make the news on a regular basis: incidents in which a company or government agency's security is breached, leading to a loss of information, personal records, or other data. There are many ways to measure the size or cost of a security breach. Some result in the loss of millions of data records, some affect millions of people, and some wind up costing the affected businesses a lot of money. Not to mention, the questions of you calculate the value of personal medical information vs. credit
Previous
1 of 11
Next


In February 2007, TJX, parent company of discount stores T.J. Maxx and Marshalls, disclosed that thieves had stolen information on possibly tens of millions of credit and debit cards. The company first thought its systems had been compromised for about eight months, but it turned out the vulnerability might have lasted for almost a year longer than that. The incident wound up costing TJX millions of dollars paid to the FTC, credit card companies, banks, and consumers. Oh, and 11 hackers were eventually arrested for the break-in.

Security breaches have only increased in scope and frequency in recent years, as more businesses store their data in digital files and thieves become increasingly sophisticated in how they gain access to those files. But sometimes the attacks aren't sophisticated at all -- sometimes they just occur because someone got careless with a physical object. That's old-school data theft, no hacking required.

See Also

Nasdaq Confirms Servers Breached

Online Dating Site Breached

Two Arrested For AT&T iPad Network Breach

Schwartz On Security: First, Know You've Been Breached

100,000 Credit Cards Compromised By Data Breach

Gawker Details Missteps Behind Security Breach

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.