IT Security & Network Security News & Reviews: 10 Biggest Data Breaches of 2011 So Far
Sony's PlayStation Network, Qriocity, Sony Online Entertainment
Date Reported: April 26Size: 101 million user accountsType of Data: name, home and e-mail addresses, login credentials, some credit card information Sonys three cloud services for PlayStation games, music and video, and online gaming were compromised by attackers while the company was distracted by a distributed denial of service attack from a different source. The company is rebuilding the services to be more secure.
Epsilon, Alliance Data Systems
Date Reported: April 1Size: Unknown; 60 million estimated e-mail addressesType of Data: e-mail addresses, some namesAttackers breached e-mail marketing provider Epsilons databases and waltzed off with e-mail marketing lists belonging to its clients, including Walt Disney, JPMorgan Chase and Best Buy. While the company has declined to disclose exactly how many addresses were stolen, risk analytics firm estimate the number is around 60 million.
Date Reported: Feb. 7Size: 60,000 recordsType of Data: corporate emails, presentations, client reportsThe Anonymous hackers collective attacked HBGary Federals network in revenge for comments made by the CEO regarding their identities. The group hacked the email server and published all the stolen documents on a Russian server, ala Wikileaks-style.
Date Reported: April 14Size: Unknown, 18 million records estimated Type of Data: source code, API keys, passwords
University of South Carolina
Date Reported: March 4Size: 31,000Type of Data: names, addresses, health records, financial data, Social Security numbersA "security problem" exposed the information of faculty, staff, retirees and students on eight USC campuses.
Date Reported: March 24Size: unknownType of Data: user e-mailsThe "unauthorized" intrusion into TripAdvisors database affected only a portion of users, but the company was not very forthcoming about any details. As the worlds largest travel related site, its likely to have impacted many users.
Date Reported: March 18Size: UnknownType of Data: "information related to SecurID technology"RSA Security may not be considered big in terms of actual records compromised, but the attack had wide-ranging repercussions, not only on the security company, but on all the enterprises and government agencies that rely on the SecurID two-factor authentication technology for their own security.
HuskyDirect.com, University of Connecticut
Date Reported: Jan. 11Size: 18,059 recordsType of Data: names, addresses, credit card numbers, e-mail addresses, phone numbersAn attacker was able to access the customer database and viewed information belonging to customers who bought UConn-branded sports gear.
Date Reported: Jan. 12Size: 231,400 recordsType of Data: patient names, social security numbers, addresses, phone numbersDespite the size, this was pushed down the list because it occurred in 2010 but was reported in 2011. This unusual breach happened in Nov. 12, 2010 when third-party intruders broke into the network to use the bandwidth to play Call of Duty. Its not clear whether they accessed the patient data.
Ankle and Foot Center of Tampa Bay
Date Reported: Jan. 29Size: 156,000Type of Data: names, dates of birth, addresses, social security numbers, health care services receivedThis was another 2010 incident reported in 2011. Hackers breached the centers network to access protected patient health information and personal data.