Back to blog

The Top 5 Cybersecurity Breaches in 2016, Part I

Pathlock
June 30, 2016

The Top 5 Cybersecurity Breaches in 2016, Part I

We’ve reached the halfway point of 2016 but unfortunately the number of devastating cybersecurity breaches continues to rise. It seems like every day there’s another report about a company’s vital data being hacked or an organization falling victim to ransomware. Here are the top 5 cybersecurity breaches so far this year. February 7, 2016 Hollywood Presbyterian Medical Center Hollywood Presbyterian Medical Center was attacked with ransomware and it interfered with their day-to-day operations. The computer system was hacked and being held ransom for 3.6 million in bitcoins. The computers were used to document patient care, transmit lab work, share x-rays and CT scans, and much more. While the systems were down, the hospital was severely hindered in its ability to care for patients. In addition, any medical records of patients previously at the hospital were inaccessible because of this attack. In order to restore their systems, the hospital paid $17,000 to obtain the decryption key. While it may not seem significant that an area hospital fell victim to ransomware, it highlights how every organization is vulnerable regardless of the type of service they may provide. February 18, 2016 – Rosen Hotels & Resorts Guests at Rosen Hotels & Resorts noticed unauthorized charges on their credit card statements and contacted the chain in February. Rosen Hotels acted immediately, bringing in a cyber security expert to check their systems. The expert uncovered malware installed on the hotel’s payment card network. After further investigation, they found that data had been stolen between September 2, 2014 and February 18, 2016. The malware pulled data that was read from the magnetic strips of credit cards. Rosen acknowledged that in some instances the malware was able to get payment card data but not the cardholder’s name. In other cases the malware was able to pick up the cardholder’s name, card number, expiration date and internal verification code. This went undetected for approximately 17 months. Unfortunately Rosen Hotels is just another corporate victim to have customer data stolen during a breach. Other hotel chains that have had similar incidents include Trump, Hilton, Marriott, Sheraton and Westin. February 29, 2016 – Internal Revenue Service The data breach at the Internal Revenue Service (IRS) was first uncovered in May 2015 but it wasn’t until February 2016 that they realized how much damage had been done. It was determined that over 700,000 American taxpayers may have had their personal information exposed during this breach. This information was stolen by a Russian criminal organization and the plan was to file fraudulent tax returns with it. This theft shows that any system is vulnerable, including one that everyone assumes has the strongest security to protect its information. March 25, 2016 – Verizon Enterprise Solutions When an organization that is dedicated to helping Fortune 500 companies respond to some of the world’s largest data breaches is hacked, it should be cause for alarm. Verizon Enterprise Solutions had its systems hacked and information about 1.5 million customers was stolen. Verizon fixed the security flaw, but the data was being sold on an underground cybercrime forum. May 11, 2016 – Wendy’s Wendy’s received reports of unusual activity involving payment cards at several of their restaurant locations and began an investigation. They found that malware made its way into the point of sale system at more than 300 franchises in North America. They also announced that additional malicious cyber activity had been discovered at several chains. This attack highlights how vulnerable PoS systems can be to malware. So what should we learn from these breaches? Don’t wait for a cyberattack to expose your vulnerabilities. Click here to find out how your cyber posture compares by viewing this on-demand webinar.