Data: the worst breaches and how to stop them CybersecurityData 179 2 19th July 2019 With the proliferation of organisations relying on the storage and use of vast amounts of customer data, we’ve never been more at risk of having our details bared to the world. Big data is amassing at an astonishing rate. In just a minute in the US, 188 billion emails and 18 million texts are sent, Tinder users swipe 1.4 million times and 390,000 apps are downloaded. Each day, Facebook alone receives half a million account sign-ups. Every bit of that information goes somewhere, and a lot of it contains information some would rather not see become public. From political beliefs to passwords and credit card details to home addresses, our personal data is stored somewhere. Sometimes it is stored safely. Other times it’s just a click away from being compromised. When breaches expose our sensitive, personal or confidential information, we may become vulnerable to further attacks. The most disastrous data breaches of all time Ashley Madison Ashley Madison takes the mantle when it comes to the storage of particularly sensitive data. Some of the information kept on the servers of the once-popular extramarital dating site is the most intimate and secret; even more so than addresses, passwords and emails. At the time of the hack, the site boasted to its near 40 million users that it was both anonymous and totally discreet. In the fallout of the attack many users of the site, among them politicians, priests, celebrities and civil servants, were exposed by hacktivists for their extramarital affairs. The group behind the data breach, known as the Impact Team, criticised the site for lying to its customers over their poor data security. This hack eventually gave rise to untold levels of extortion and blackmail, which continues to this day. Starwood-Marriott Marriott owned Starwood, the largest hotel chain in the world, revealed in 2018 that the details of half a billion hotel guests had been compromised. The majority, around 300 million, contained birthdates, names, home addresses and passport numbers. Although Starwood’s IT team thought they had noticed the attack at the time of discovery, there was little they could do to stop it. The hacker used a Remote Access Trojan (RAT), so they could fly under the radar and go about their hack without being noticed. It later transpired that the hackers had breached their system long before, and had been siphoning off data for years. It was eventually claimed that China was behind the breach. Marriott is set to be fined £100 million by the UK Information Commissioner’s Office (ICO) for breaking European GDPR laws. Yahoo In terms of numbers, Yahoo stands head and shoulders above the rest. In 2013, three billion accounts stored on its servers were breached. Among the data stolen were names, birthdates, phone numbers and passwords. Initially thought to be just one billion, Yahoo later found that every account on its server had been compromised. It is the biggest known data breach of a single organisation, and although Yahoo had encrypted their user accounts, it was easy to crack. Facebook-Cambridge Analytica Facebook is no stranger to data breaches. It seems to be forever embroiled in a scandal involving account security, data collection and privacy. However, the breach last year had severe ramifications, shaping an entire election campaign. Cambridge Analytica, a British political consultancy firm, had developed an app to survey Facebook users. To participate in the survey users had to give their permission to access their timeline and information; standard fare for applications. They later came to learn that a flaw in Facebook’s open-source API, which allows developers to make apps for the platform, allowed the data of not only the users but their entire network. The data of 87 million users was harvested. It was found that the information had been used to influence voters in political campaigns. The scandal ignited public debate and raised discussions about ethics, consumer protection and the right to privacy. Facebook has since taken steps to increase transparency for its users. Preventing data breaches It is generally accepted that most organisations are likely to be on the receiving end of a data breach at some point. It’s an unavoidable prospect in the digital age. These hacks from outside, or within, can have devastating effects on a company’s reputation, severely damaging their financial bottom line. How an organisation mitigates a potential attack differs greatly depending on the business. Some spend billions yet still suffer serious security breaches. However, there are simple steps organisations can take to mitigate or eliminate the threat of a data breach. Using strong passwords is vital, as is upgrading software regularly. Enforcing multi-factor authentication can go a long way to ensuring safety, so too can encrypting sensitive data. One of the most important factors is educating employees on best security practices. With the prevalence of IoT devices at home and in the workplace, some with less than robust security, it is now more important than ever to ensure that the data we store is safeguarded correctly. For our curious readers, there is a website which allows you to see if your details have been compromised. Simply type in your email, and Have I Been Pwned will tell you. Visit www.haveibeenpwned.com and try it for yourself. Article written by:Ben KansyBen is a multimedia journalist with a keen passion for technology and art.