Perimeter E-Security Exposes Top Ten Biggest Security Breaches and Blunders of 2009

MILFORD, Conn., Nov. 23 /PRNewswire/ -- Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, announced the top ten biggest information security breaches and blunders of 2009. According to Chief Technology Officer, Kevin Prince, there is a common thread between all of these incidents: they could have been avoided.

"2009 has been a year full of data breaches, compromises and exposures all around cyber-criminality. These incidents could have been prevented by adopting basic security standards and embracing a culture of security," added Prince. "Most companies actually know exactly where they lack security and where their gaps and exposures are. But knowing this, they still 'play with fire' and hope that they won't get burned. Now is the time for everyone to take into account all the malicious breaches and blunders that have happened in the last year alone, and take the time to reconfigure their network protection systems to prevent these mishaps from happening to them."

Here's the list of the top 10 biggest information security breaches and blunders in 2009:

#10 - Malicious Code's Extended Stay

Hackers broke into web servers owned by a major domain registrar and hosting provider and planted rogue malware that resulted in the compromise of more than 573,000 debit and credit card accounts. The malicious code was in place for over three months. This type of "extended stay" of malicious code is a negative trend that grew in 2009.

#9 - The Ease of Hacking a CEO's Mailbox

A significant hosted email provider offered a $10,000 prize to anyone who could hack into its CEO's mailbox. The company used an authentication method that provides a one-time PIN code, and it even gave out usernames and passwords. Hackers successfully broke in, bypassing the second authentication factor by using a cross-site scripting vulnerability.

#8 - The Jealous Boyfriend

You can't forget the man who sent spyware to his girlfriend, who then opened the email on her work computer, resulting in a data security breach on a major children's hospital network. The hospital could have used a web content filtering solution, but even that wouldn't completely eliminate the problem. This particular breach shows that some healthcare organizations can still be apathetic towards information security.

#7 - Macking

Media hacking, or "macking", became quite popular in 2009. Macking, characterized as the lowest of the low-hanging fruit, can be very profitable for cyber criminals in this day and age, when search engines can be easily manipulated, botnets can send billions of email messages, and social network sites have worms that can spread messages.

#6 - Insiders Everywhere

This year was also the year of insider breaches. A temporary telecom company employee was arrested on charges of stealing personal information and then pocketing more than $70,000 by taking out short-term payday loans. Even one of the world's leading anti-virus and internet security providers had an international office employee steal customers' credit card numbers. Insider breaches will continue to be a rising threat for 2010 and beyond, as long as companies don't have the proper policies in place to prevent them.

#5 - 160,000 California University records hacked

At one of California's most esteemed universities, personal information of 160,000 current and former students and alumni may have been compromised. The breach was discovered April 21, 2009, but the database had been illegally accessed by hackers over six months prior, in October 2008. Organizations must constantly watch for hackers setting up shop on one or more of their systems.

#4 - Virginia Department of Health Blackmail

The FBI and Virginia State Police have been hunting down hackers who demanded that the state pay a $10 million ransom for the return of millions of personal pharmaceutical records that they claimed to have deleted and stolen from the Prescription Monitoring Program. The allegedly "deleted data" was backed up and secured within days of the ransom demand. Modern hackers are becoming more bold and fearless.

#3 - Google

In 2009, Google had its fair share of data breaches, in Google Apps, Google AdWords, Google Docs, Gmail and more. As one of the biggest internet organizations, it's also one of the most targeted by hackers and other malicious threats.

#2 - Social Networking Sites

Twitter was hacked so many times in 2009 we could have a top 10 Twitter breach article by itself. Whether it is individual accounts being compromised like Britney Spears, Twitter employees, or Twitter 3rd parties, Twitter has equal opportunity exploitability. Facebook, YouTube and MySpace aren't any better. Social networking sites have had a tough year as far as data breaches and blunders are concerned and it's not going to be much better in 2010.

#1 - Nation's largest payment processor is poster child of breaches

One of the nation's leading payment processors is this year's new poster child of data security breaches. The official court proceedings report that 130 million records were compromised. The company processes credit cards for over a quarter of a million merchants nationwide. It has had 31 separate lawsuits filed against it as a result of the breach, and about 700 banks announced losses as well. The good news is that we caught the bad guys! Albert "Segvec" Gonzalez has been indicted by a federal grand jury in New Jersey along with two unnamed Russian conspirators.

"2009 was a banner year for negative information security news and as we enter 2010, we are seeing more regulations, more fines, and more lawsuit filings - all related to information security. Data security breaches are nasty business and should be avoided at all costs," added Prince.

About Perimeter

Perimeter is the trusted market leader of information security services that delivers enterprise-class protection and compliance. Through its cost-effective and scalable SaaS platform, Perimeter offers the most comprehensive compliance, security and messaging services that include: hosted email, encrypted email, firewall management and monitoring, vulnerability scanning, host intrusion and prevention, email antivirus and spam, remote data backup and email archiving. For more information about Perimeter visit www.perimeterusa.com.

For additional information contact:
Maggie Duquin / Ray Yeung
Brainerd Communicators
212-986-6667

SOURCE Perimeter E-Security

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.