Sometimes learning what not to do can be just as helpful as learning what to do. When it comes to cybersecurity, we’ve learned that history has a habit of repeating itself. Even if the cyberattacks are bigger or better, the motive remains the same. If your organization stores any kind of data, your at risk. Anything confidential is valuable.
Just ask Sony, Target and Marriott. These infamous cyberattacks can teach us that even the largest brands in the world, with the most experienced cybersecurity teams, need to stay educated, vigilant and guarded in order to protect and preserve private information. What are you doing to keep your organization off of this list? If you aren't sure, check out our new security awareness training guide and the IT certifications along the CompTIA Cybersecurity Career Pathway to get started.
10 Infamous Cyberattacks to Learn From
Sony’s Sorrows
In 2011, hackers stole personal data from 77 million Sony PlayStation users, including confidential banking information. The hack was a distributed denial of service (DDoS) attack and not only shut down PlayStation Network (PSN) for 23 days, but also cost the company $15 million in compensation to users. But Sony’s problems didn’t end there. In 2014, Sony Pictures was attacked using malware to gain access to sensitive information including film scripts and employee emails. In fact, studio co-chairwoman Amy Pascal had some compromising emails exposed – and eventually lost her job. Later, the FBI placed blame on North Korea surrounding criticism of the movie, The Interview.
Trouble at Target
During the Black Friday holiday shopping season in 2013, 40 million Target customer credit card accounts were compromised. The cyberattack happened again in early 2014, this time affecting the records of 70 million customers. It was later discovered that the breach occurred when a username/password was stolen from an authorized Target vendor. But the data may have been made vulnerable by the retailer’s failure to properly separate systems handling payment card data from the rest of its network. In the end, Target shelled out $18 million in a multi-state settlement as a resolution.
Yahoo! Yields
Back in 2014 Yahoo! was attacked and 500 million user accounts were affected. Information like names, birth dates, passwords and telephone numbers were leaked. At that time, the company discovered that it had been a target of a previous cyberattack in 2012. Then, the search engine was breached again in 2018 – this time affecting 32 million accounts. Later that year, Yahoo! revealed that a total of 3 billion accounts were stolen in 2013. The company reported that the 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to access any account without a password. Criticism of the company’s lack of security lowered its price significantly when purchased by Verizon in 2017.
A Mess at Marriott
A wide array of personal information was very secretly and stealthily stolen from Starwood Hotels’ Marriott brand dating back to 2014. Over the course of three years the hackers very slowly collected confidential information until it was realized in late 2017. At that time, Marriott confirmed that up to 500 million hotel guest’s info had been leaked. The information the hackers were after was notably different, including passport numbers, Starwood’s reward information, arrival and departure times, reservation dates and communication preferences. Authorities believe that the offenders were nation-state hackers tracking the movement of political VIPs.
Ashley Madison’s Mistake
In mid-2015 a hacktivist group called “The Impact Team” notified online dating site, Ashley Madison, with the news it had the personal information from 32 million of the site’s members. The hackers threatened to expose that info unless the site was taken down. But Ashley Madison didn’t take the bait, and true to their word, The Impact Team released the sensitive data. Post-attack, the hackers justified their actions citing the company’s failure to protect its data properly and lying to users about the deletion of sensitive information. In short, the site’s betrayal of its customer’s confidential information cost the company nearly $30 million in fines and damages.
The Equifax Equalizer
One of the nation’s largest credit reporting agencies discovered a breach on July 29, 2017, but didn’t publicize the news until September 7. The hack exposed the personal information of 147 million people, including passports and driver’s licenses as well as Social Security numbers. Equifax disclosed that a security hole exploited by the hackers was revealed earlier that year, but that it had failed to patch its systems. Furthermore, board members who knew about the cyberattack sold a significant amount of stock just days before the breach was made public, leading to accusations of insider trading. Equifax agreed to a global settlement in the amount of $425 million.
Facebook’s Faux Pas
Just last year the Cambridge Analytica scandal was front and center, damaging Facebook’s reputation and exposing security vulnerabilities with more than 30 million user records breached. Instead of going after the typical personally identifiable information (PII), hackers focused on data like names, relationship status, religion, birth date, employers, search activity and check-ins. The objective was to map personality traits and link users with targeted digital ads. Of course, Cambridge Analytica was accused of other, politically motivated objectives as well. The Federal Trade Commission (FTC) approved a record $5 billion fine on Facebook to settle the investigation into data privacy violations.
The Toyota Target
Earlier this year, Toyota announced on its website that a Japanese server was breached, potentially affecting 3.1 million people. The cyberattack appeared to be limited to unauthorized access to the company’s computer systems, and confidential data appeared to be contained. While this particular incident was kept in check, Toyota had previously been the victim of other security attacks in Australia and Asia. Experts say the rise in the amount of data that automakers are collecting, due to increasing technology in cars, make these companies a target for hackers and make server lock downs even more important.
American Medical Collection Agency’s Default
Massive health care debt collector the American Medical Collection Agency (AMCA) discovered a breach in the spring of 2019. The agency announced that almost 20 million patient records had been exposed. In addition to standard personal information, data such as health care providers, balances due and medical services performed were part of the breach. Patients associated with LabCorp and Quest Diagnostics made up the initial 20 million victims, but since then many more providers have been added, bringing that total up to more than 25 million. As a result, AMCA’s parent company filed for Chapter 11 protection in mid-June.
A Fortnite Failure
Epic Games’ popular video game, Fortnite, draws approximately 200 million users worldwide. And while you may not know the real person playing behind the skin, cybersecurity research firm Check Point Research found vulnerabilities that allow real impersonations. Specifically, flaws in the game’s login system allowed hackers to impersonate players and purchase in-game currency using their credit cards on file. Additionally, the attackers could eavesdrop on players’ in-game chatter. A class action lawsuit is pending against Epic Games in light of this widespread account exposure.
Stay on Top of Cyberattacks
The IT certifications along the CompTIA Cybersecurity Career Pathway validate the skills needed to protect your organization from cyberattacks.
Get more tech insights like this right in your inbox with CompTIA’s IT Career Newsletter. Subscribe today, and you can save 10% off your next CompTIA purchase.
