Each day tens of thousands of people from all over the world are hacked. Not just sent run-of-the-mill phishing emails, but legitimately hacked. This has made the cybersecurity industry grow at a rate only surpassed by the Internet of Things (which ironically may be one of the largest threats to cybersecurity in the world). We thought it would be good to go over some of the largest cybercrimes of the first half of 2018, and some telling statistics that will give you an idea of what exactly you are up against.
In trying to establish what were the most devastating hacks, we’ve combed through this year’s records and have decided to break it down by public and private hacks. Public hacks have to do with individuals and municipalities, while private hacks are the ones that infiltrate businesses and make available thousands and millions of records for sale. Without further ado, here are the biggest hacks so far in 2018:
- 280,000 Medicaid records were exposed when a hacker broke into Oklahoma State University Center for Health Sciences. Patient names and provider names of these individuals were exposed.
- FedEx had customer records leaked after an unsecured server owned by a company acquired by FedEx, Bongo International, was hacked. Over a hundred thousand files, including names, drivers’ licenses, national ID cards, voting cards, and utility bills were exposed.
- Travel booking site, Orbitz, had a security vulnerability that resulted in upward of 880,000 customers’ payment card information, or about two whole years of customer data, taken off their server.
- French news site L’Express exposed reader data by leaving a database up for weeks without a password needed for access. After being warned, the Paris-based periodical left the database exposed for weeks.
- Hackers gained access to 134,512 patient and financial records after a malware attack at St. Peter’s Surgery and Endoscopy Center in Albany, NY.
- Under Armor, one of the largest sports apparel brands in the world, had their mobile application, MyFitnessPal, hacked, exposing around 150 million people’s personal information.
- Aerospace giant Boeing was hit by the WannaCry ransomware that affected “a few machines” that weren’t protected with Microsoft’s 2017 patch.
- Twitter forced its hundreds of millions of users to change their passwords after admitting that, at one time, user passwords were stored in plaintext, and may have been exposed to internal company staff.
- An unauthenticated API found on T-Mobile’s website exposed the personal information of all of their customers, by simply using their cell phone number. Information that was available included full name, address, account numbers, and in some cases, tax IDs.
- A bug found in Atlassian development software titles Jira and Confluence allowed hackers to infiltrate the IT infrastructures of several companies and one U.S. government agency.
- The predominant way for American travelers to secure European rail tickets, Rail Europe, had a three-month breach of credit cards. It’s thought that thousands of users’ credit card information was taken in the breach.
- Around 340 million records were stolen from marketing company Exactis. It may be amazing to you that a company that you have never heard of leaked what amounts to the personal information of nearly every American. The company, which aggregates and compiles business and consumer data, has been hit with a class action lawsuit in response to the breach.
- Apparel giant Adidas had their website hacked, resulting in the loss of a few million people’s personal and credit card information.
- At least 800 e-commerce sites, including Ticketmaster, had consumer card information skimmed in a huge campaign by a hacker collective named Magecart. Targeting third-party developers, they are able to alter code and syphon off the information they wanted.
- Department of Homeland Security was affected by a data breach that exposed 247,167 current and former employees and other individuals.
- The City of Atlanta, Georgia was hit with a ransomware attack, dubbed SamSam, that caused a massive problem for their municipal infrastructure. Hackers asked for $51,000 to release the encrypted files, a number Atlanta’s leaders were unwilling to meet. It has subsequently cost the city more than 10x that. In fact, as of early June, there were still some parts of the city that were using analog or manual systems. Some experts believe that the total cost to taxpayers will be nearly $20 million.
- India’s national ID database, Aadhaar, leaked data on over a billion people. In one of the largest-known breaches in history, a user could pay 500 rupees ($7) and get the login credentials that allowed anyone to enter a person’s 12-digit code and get their personal information. An additional 300 rupees ($4.20) gave users access to software through which anyone could print an ID card for any Aadhaar number.
- It came to the forefront that Cambridge Analytica, the data analytics company that U.S. President Donald Trump used to help his campaign had harvested personal information from over 50 million Facebook users without their permission. While Facebook denied this was a “data breach”, Cambridge Analytica was banned from the service over the ordeal.
- A major hack at a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials, while also exposing that many police departments are ill equipped or unable to respond to an active shooter situation.
These are just the most major of the hacks of 2018. There is still major fallout from 2017’s major breaches, including the Friendfinder hack that exposed 412 million user accounts and the Equifax data breach that affected 148 million people. In fact, even though the hacks referenced above cover a lot of ground, hundreds of organizations have their cybersecurity compromised each day. According to billionaire investor Warren Buffet, there is reasonable evidence that there could be a major cyberattack that could cost insurers tens of billions of dollars. The statistics back this up:
- In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
- Nearly 1-in-3 organizations have experienced some sort of cyberattack in the past.
- Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
- 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
- 5.4 billion WannaCry attacks were blocked in 2017.
- The average monetary cost of a malware attack for a business is $2.4 million.
- The average time cost of a malware attack for a business is 50 days.
- Ransomware cost organizations over $5 billion in 2017.
- 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
- Phone numbers are the most leaked information.
- 21 percent of files are completely unprotected.
- 41 percent of companies have over 1,000 sensitive files left unprotected.
- Ransomware is growing at 350 percent annually.
- IoT-based attacks are growing at about 500 percent per year.
- Ransomware attacks are expected to quadruple by 2020.
- 7.7 percent of web requests lead to malware.
- There were 54 percent more types of malware in 2017 than there were in 2016.
- The cybersecurity market will be worth over $1 trillion by 2025.
Cybersecurity risk is high, and it’s just getting more and more risky. By assessing your company’s cybersecurity health the IT professionals at Eckstrom Consulting can put you with the solutions and services needed to keep threats at bay. If you are looking to improve your cyber security, or if you would like to know how to, contact us today.