Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/15/2016
09:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

The 7 Most Significant Government Data Breaches

Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets.
2 of 8

The Georgia Secretary Of State Office Breach

In October 2015, Georgia Secretary of State Brian Kemp's office mailed CDs containing the personal information, including SSNs and birthdates, of 6.2 million registered voters in the state to 12 organizations that had purchased voting lists from the office. 

Ordinarily, the voting lists should not have included the personally identifying information.  

The breach resulted from what investigators later said was a clerical error on the part of a programmer who had worked with the state for a long time.   

According to the Atlanta Journal Constitution the chain of events that led to the snafu began with a request from the Georgia Department of Revenue for the Social Security numbers, driver's license numbers, birthdates and other personal data belonging to voters in the state. Instead of the data being uploaded to a separate secure file, the employee inadvertently attached it to the voter list file that was meant for distribution to those who had purchased it.  

Kemp's office later said all the discs that were mailed with the mistakenly added personal information were recovered and destroyed.


Image Source: 
montego via Shutterstock

The Georgia Secretary Of State Office Breach

In October 2015, Georgia Secretary of State Brian Kemps office mailed CDs containing the personal information, including SSNs and birthdates, of 6.2 million registered voters in the state to 12 organizations that had purchased voting lists from the office.
Ordinarily, the voting lists should not have included the personally identifying information.

The breach resulted from what investigators later said was a clerical error on the part of a programmer who had worked with the state for a long time.

According to the Atlanta Journal Constitution the chain of events that led to the snafu began with a request from the Georgia Department of Revenue for the Social Security numbers, drivers license numbers, birthdates and other personal data belonging to voters in the state. Instead of the data being uploaded to a separate secure file, the employee inadvertently attached it to the voter list file that was meant for distribution to those who had purchased it.

Kemps office later said all the discs that were mailed with the mistakenly added personal information were recovered and destroyed.

Image Source: montego via Shutterstock

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
ClaireEllison
50%
50%
ClaireEllison,
User Rank: Apprentice
11/21/2016 | 4:22:24 PM
Re: amazing
A great post with good questions/ But how to avoid that? I really wanted to send a small word to say thanks to you for the fantastic points you are writing on this site.
ONI SEO
50%
50%
ONI SEO,
User Rank: Apprentice
11/18/2016 | 11:34:05 AM
Mr ROBOT comes soon?
A great post with good questions/ But how to avoid that? What kind of solutions?
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
11/17/2016 | 10:59:38 PM
It's going to take a village
These breaches are just the tip of the iceberg. We all know that. One of the biggest problems is the amount of unsecured endpoints that are out there. Things like printers that aren't secured and laptops that aren't running antivirus or -- if they are -- have not been patched. It's going to take a lot more work on everyone's behalf before the good guys get ahead of the criminals. 

--Karen Bannan for IDG and HP
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I've never actually seen the corporate ladder before.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18898
PUBLISHED: 2020-01-23
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14...
CVE-2019-19837
PUBLISHED: 2020-01-23
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVE-2020-7210
PUBLISHED: 2020-01-23
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVE-2019-19835
PUBLISHED: 2020-01-23
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2020-5216
PUBLISHED: 2020-01-23
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seei...