The number of devastating cybersecurity breaches continues to rise and 2016 was no exception. It seems like every other day, the headlines pointed to another company or organization being breached. And we couldn’t escape a single report about the Presidential election without at least one mention of breached emails. The Guardian also reported how this year’s hacks and data breaches point to a worrying trend. Hackers are no longer targeting corporate networks for gain, instead going after sensitive data hiding in plain sight within personal information and correspondence. Now let’s take a look at 2016’s top 5 breaches…
5. Google Android – According to reports, there are now as many as 1.3 million Android phones infected with malware. This is a new form of attack because the main purpose of the Gooligan strain is to get users to download apps that are part of an advertising network – the more people view the ads, the more money the creators of the malware make. It’s estimated to be making as much as $320,000 a month. The malware also enables access to the user’s Gmail, docs, photos and other information, but Google announced that the hackers don’t seem to be stealing data.
4. Verizon Enterprise Solutions – When an organization that is dedicated to helping Fortune 500 companies respond to some of the world’s largest data breaches is hacked, it should be cause for alarm. Verizon Enterprise Solutions had its systems hacked and information about 1.5 million customers was stolen. Verizon fixed the security flaw, but the data was being sold on an underground cybercrime forum. According to Verizon, the information stolen was limited to basic contact information for many of its customers. The problem is that this information can then be used to create convincing phishing emails to drive those customers to click on a link that enables malware to be downloaded.
3. Internal Revenue Service – The data breach at the Internal Revenue Service (IRS) was first uncovered in May 2015 but it wasn’t until February 2016 that they realized how much damage had been done. It was determined that over 700,000 American taxpayers may have had their personal information exposed during this breach. This information was stolen by a Russian criminal organization and the plan was to file fraudulent tax returns with it. This theft shows that any system is vulnerable, including one that everyone assumes has the strongest security to protect its information.
2. Democratic National Committee (DNC) / Hillary Clinton / John Podesta – It was the email breach that may have influenced the outcome of a Presidential election in the United States (or may not have depending on which candidate you supported). Whether it was the Democratic National Committee, Hillary Clinton, or John Podesta’s emails, the ramifications of these breaches are still being analyzed. The emails were released by WikiLeaks and were scrutinized by everyone from the media to political opponents. Many in the intelligence community have pointed to Russian intelligence-affiliated groups as being the culprits.
1. Yahoo – Ooops… they did it again… Yahoo just announced that it uncovered a breach of more than one billion user accounts from August 2013, which is the largest breach ever! As everyone remembers, Yahoo reported a separate breach of 500 million user accounts back in September. So what’s the financial impact of this latest breach? It could be $4.83 billion – the amount that Verizon agreed to in order to buy Yahoo. And that’s not including any possible class action lawsuits and the erosion in their brand. The latest breach is said to include names, email addresses, telephone numbers, dates of birth, hashed passwords, and even encrypted or unencrypted security questions and answers. But don’t think the hashed passwords are protected. They were hashed with an old algorithm that is now easy to crack.
So what does this list tell you? With billions on the line, it’s time for enterprises to determine if their crown jewel assets are vulnerable. Don’t wait for your company to make headlines due to a breach. Contact Pathlock to learn how to protect your crown jewel assets. And click here to find out how your cyber posture compares by viewing this on-demand webinar.