A few days ago we published a summary of six of the most important security attacks in 2014.
Today we continue this list with some other notable attacks, which stood out not just because of the stature of the companies attacked, but also because of the volume of compromised data.
Major security attacks in 2014 – Part 2
KCB and the theft of 106 million accounts
The Korean financial agency, Korea Credit Bureau (KCB), was the victim of an attack that exposed more than 105,8million user accounts, including credit card details, first names and last names, phone numbers, addresses and even passport numbers.
In this case however, no malware was used. The thief worked for KCB -ironically in the company’s anti-fraud department- and for 11 months had been copying the data before selling it to the highest bidder.
Had the information been adequately encrypted, the damage could have been far less, yet this wasn’t the case.
Orange: The importance of storing passwords on a secure server
In February, a vulnerability on the website of the French telecom firm Orange allowed hackers to access the data of hundreds of thousands of customers, including names, addresses and phone numbers.
Fortunately, and despite the security hole, Orange’s systems were sufficiently well set up as to prevent passwords from being compromised, thereby greatly reducing the damage to the 800,000 users affected.
It appears that these passwords were stored on a separate, more secure server.
SEA compromises Forbes’ security
Also in February, the Syrian Electronic Army (SEA) managed to compromise the website of Forbes. This resulted in the theft of data of more than a million users, including company employees.
Stolen data included names and email addresses, as well as (encrypted) passwords. Worse still, the SEA published the data on the Internet.
Data of 650,000 customers stolen from Domino’s Pizza
In June this year, the Domino’s Pizza fast-food chain was attacked by a group called “Rex Mundi”, and the data of some 650,000 French and Belgian customers was stolen.
In this case, the criminals demanded a ransom for the information, though the company’s chiefs said they were not willing to give in to blackmail.
Attack on DIY giant Home Depot
In September, Home Depot, the home improvements retailer, confirmed there had been an attack on its servers, compromising the data of 56 million credit and debit cards.
Moreover, according to the The Wall Street Journal, some of the accounts associated to these cards had been emptied.
To end 2014, we have witnessed one of the most significant targeted attacks on a company.
Many details of the attack are still unclear, but the effects on Sony have been tremendous: a week without being able to connect to computers, massive deletion of data, theft of internal company information…
The attackers have published five unreleased films and are threatening to leak confidential data.
There have also been reports of malware appearing with Sony’s digital signature, the passwords for which were stolen with the rest of the information.