Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The worst security SNAFUs this year (so far!)

Ellen Messmer | July 16, 2014
From denial-of-service attacks to cyber-espionage to just plain old human flubs, network security SNAFUS abound.

The Los Angeles Department of Health Services said it's notifying about 168,000 patients that their personal health information as well as billing information was at risk of exposure after Sutherland Healthcare Solutions, which handles DHS's billing and collections, reported in February that its office was broken into and computer equipment holding that information stolen.

Indiana University said a breach of its systems had exposed the personal data of about 146,000 students. The university indicated it believed the information, which had been stored in an insecure manner, wasn't grabbed by an individual hacker but instead was crawled by a number of automated web-crawling applications.

In a flub, Banner Health based in Phoenix accidentally exposed personal information on more than 50,000 people when their Medicare and Social Security numbers showed up on magazine address labels.

The State of Connecticut said that due to a printing error, the tax forms mailed to about 27,000 people on unemployment information could include someone else's information. The department said it was re-mailing the forms.

Bitcoin exchange Mt. Gox said it lost 750,000 of customers' bitcoin — a value of $470 million — after the virtual currency disappeared from its digital coffers. It later filed for bankruptcy.

Hackers were circulating credentials for what appeared to be more than 7,000 FTP sites, including compromised servers for the New York Times, where hackers uploaded several files to its server.

MARCH

The Wall St. Journal, citing undisclosed sources, reported that a major infiltration of a military network blamed on Iran was "facilitated by a poorly written contract with computer-services provider Hewlett-Packard Co." because the government contract with HP for the Navy Marine Corps intranet didn't require the company to require security for a specific set of government databases, "and as a result, no one regularly maintained security on them."

Social site Meetup was made unavailable for over a day as it suffered a denial-of-service attack that came with an extortion request for $300. Meetup said it would not negotiate with cyber-criminals.

The Internal Revenue Service said an IRS employee took home personal information on about 20,000 individuals stored on a drive and loaded it onto an insecure home network.

APRIL

The Veterans of Foreign Wars of the U.S. notified 55,000 of its veteran members that it learned in April that attackers, possibly from China seeking military information, had gained access to its systems to download tables containing name, address and Social Security numbers. The attack made use of malware such as remote access Trojans, the VFW said.

Law enforcement alerted Portland, Ore.,-based Central City Concern, which assists those struggling with homelessness, poverty and drugs, that a former CCC employee had wrongfully copied personal information from what was discovered to be about 17,914 client records in order to try and process fraudulent tax returns in the names of people CCC was trying to help.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.