"2009 has been a year full of data breaches, compromises and exposures all around cyber-criminality. These incidents could have been prevented by adopting basic security standards and embracing a culture of security," added Prince. "Most companies actually know exactly where they lack security and where their gaps and exposures are. But knowing this, they still 'play with fire' and hope that they won't get burned. Now is the time for everyone to take into account of all the malicious breaches and blunders that have happened in the last year alone, and take the time to reconfigure their network protection systems to prevent these mishaps from happening to them."
Here's the list of the top 10 biggest information security breaches and blunders in 2009:
#10 " Malicious Codes' Extended Stay
Hackers broke into web servers owned by a major domain registrar and hosting provider and planted rogue malware that resulted in the compromise of more than 573,000 debit and credit card accounts. The malicious code was in place for over three months. This type of "extended stay" of malicious code is a negative trend that showed progress in 2009.
#9 " The Ease of Hacking a CEO's Mailbox
A significant hosted email provider offered a $10,000 prize to anyone who could hack into its CEO's mailbox. The company used the authentication method, providing one-time pin code and even gave usernames and passwords. Hackers successfully broke in, bypassing the 2nd factor authentication using a cross site scripting vulnerability.
#8 " The Jealous Boyfriend
You can't forget the man who sent spyware to his girlfriend, who then opened the email on her work computer, resulting in a data security breach on a major children's hospital network. The hospital could have used a web content filtering solution, but even that wouldn't completely eliminate the problem. This particular breach shows that some healthcare organizations can still be apathetic towards information security.
#7 " Macking
Media hacking or "macking" has become quite popular in 2009. Macking, characterized as the lowest of the low hanging fruit, can be very profitable for cyber criminals in this day in age where search engines can be easily manipulated, botnets can send billions of email messages, and social network sites have worms that can spread messages.
#6 " Insiders Everywhere
This year was also the year of insider breaches. A temporary telecom company employee was arrested on charges of stealing personal information and then pocketing more than $70,000 by taking out short-term payday loans. Even one of the world's leading anti-virus and internet security provider had an international office employee steal customers' credit card numbers. Insider breaches will continue to be a rising threat for 2010 and beyond, as long as companies don't have the proper policies in place to prevent them.
#5 " 160,000 California University records hacked
At one of California's most esteemed universities, personal information of 160,000 current and former students and alumni may have been comprised. The breach was discovered April 21, 2009, but the database had been illegally accessed by hackers over six months prior in October 2008. Organizations must be constantly tracking and aware of hackers setting up shop on one or more of their systems.
#4 " Virginia Department of Health Blackmail
The FBI and Virginia State Police have been hunting down hackers who demanded that the state pay $10 million dollars ransom for the return of millions of personal pharmaceutical records that claimed to have been deleted and stolen from the Prescription Monitoring Program. The alleged "deleted data" was backed up and secured within days of the ransom demand. Modern hackers are becoming more bold and fearless.
#3 " Google
In 2009, Google had its fair share of data breaches, in its Google apps, Google AdWords, Google Docs, Gmail and more. As one of the biggest internet organizations, it's also one of the most targeted by hackers and other malicious threats.
#2 " Social Networking Sites
Twitter was hacked so many times in 2009 we could have a top 10 Twitter breach article by itself.
Whether it is individual accounts being compromised like Britney Spears, Twitter employees, or
Twitter 3rd parties, Twitter has equal opportunity exploitability. Facebook, YouTube and MySpace aren't any better. Social networking sites have had a tough year as far as data breaches and blunders are concerned and it's not going to be much better in 2010.
#1 " Nation's largest payment processor is poster child of breaches
One of the nation's leading payment processor is this year's new poster child of data security breaches. The official court proceedings report that 130 million records were compromised. The company processes credit cards for over a quarter of a million merchants nationwide. They have had 31 separate lawsuits filed against them as a result of the breach and about 700 banks announced losses as well. The good news is that we caught the bad guys! Albert "Segvec" Gonzalez has been indicted by a federal grand jury in New Jersey along with two unnamed Russian conspirators.
"2009 was a banner year for negative information security news and as we enter 2010, we are seeing more regulations, more fines, and more lawsuit filings " all related to information security. Data security breaches are nasty business and should be avoided at all costs," added Prince.
About Perimeter Perimeter is the trusted market leader of information security services that delivers enterprise-class protection and compliance. Through its cost-effective and scalable SaaS platform, Perimeter offers the most comprehensive compliance, security and messaging services that include: hosted email, encrypted email, firewall management and monitoring, vulnerability scanning, host intrusion and prevention, email antivirus and spam, remote data backup and email archiving. For more information about Perimeter visit www.perimeterusa.com.
For additional information contact:
Maggie Duquin / Ray Yeung