Five damaging data breaches caused by human error - BLACKMORE RICOTECH

18th February 2016

Each time a data breach hits the news, certain sections of the media jump on their hacking hobbyhorse in a frenzy of excitement, frothing hysterically about cyber war and desperate to pin every attack on China, North Korea or Russia – usually in spite of a manifest lack of evidence that these countries are in any way culpable.

“Was it China? I think it was China. It was definitely China.”

“No. WAIT! North Korea! It’s got to be them.”

Although the idea of a group of state-sponsored criminal hackers working in an abandoned nuclear bunker in China (all moody lighting and walls festooned with flat-screen monitors displaying code in scrolling green columns like The Matrix) makes hacking sound sexy, it’s usually just Dave in marketing’s fault for downloading a bank statement emailed to him by a bank that the company doesn’t even have an account with.

Human error is the cause of most data breaches.

It’s no secret that the largest threat to an organisation’s data is its own employees – whether deliberate or not. In fact, some of the most damaging data breaches have been caused by human error. Here are five particularly egregious examples.

Facebook reveals dates of birth of 80,000,000 users

A minor slip-up in a new website design by Facebook back in 2008 led to the dates of birth of 80 million users being publicly accessible. While it’s not the most sensitive data that’s ever been leaked, it can be very harmful if combined with other data to conduct identity theft.

Clinic leaks HIV status of patients

Last year, the 56 Dean Street clinic in London – one of Europe’s busiest sexual health clinics – mistakenly revealed the names and addresses of 780 people subscribed to an HIV newsletter, which included, but was not limited to, patients with HIV.

Recipients of an emailed newsletter were supposed to be blind-copied, but whoever sent it mistakenly copied email addresses into the “To:” field rather than “BCC:”, with the result that every recipient could see everyone else’s names and email addresses. The Guardian reported that the employee responsible was “distraught” at their error.

Pentagon suffers data breach via spear phishing attack

A spear phishing attack on the Pentagon back in August 2015, unsurprisingly assumed to have been caused by Russia, saw the theft of personal information of around 4,000 military and civilian personnel.

Rather than focus on who did it, however, the question should have been how did an employee of the PENTAGON fall victim to a phishing email?

Sony hackers used phishing emails to breach company networks

The cyber attack on Sony Pictures Entertainment in 2014, which left the organisation without computer systems for several weeks, appears to have originated from a phishing campaign.

A security researcher has found that hackers used phishing emails to penetrate Sony Pictures Entertainment’s computer networks last fall.

Stuart McClure, CEO of computer security firm Cylance, says that he analysed a downloaded database of Sony emails and in the process discovered a pattern of phishing attempts.

“We started to realize that there was constant email around Apple ID email verification, and it was in a number of inboxes,” he told POLITICO.

Ubiquiti fraud: the $46 million cyber crime

While this may not technically be a data breach, it’s a human error worthy of mention.

Last year Ubiquiti revealed in an SEC Form 8-K filing that an incident involving “employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department … resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.”

Article courtesy of IT Governance – http://www.itgovernance.co.uk
