IT Security & Network Security News & Reviews: 10 Biggest Data Breaches of 2011 So Far

 
 
By Fahmida Y. Rashid  |  Posted 2011-05-25
 
 
 

Sony's PlayStation Network, Qriocity, Sony Online Entertainment

Date Reported: April 26Size: 101 million user accountsType of Data: name, home and e-mail addresses, login credentials, some credit card information Sonys three cloud services for PlayStation games, music and video, and online gaming were compromised by attackers while the company was distracted by a distributed denial of service attack from a different source. The company is rebuilding the services to be more secure.

Sony's PlayStation Network, Qriocity, Sony Online Entertainment

Epsilon, Alliance Data Systems

Date Reported: April 1Size: Unknown; 60 million estimated e-mail addressesType of Data: e-mail addresses, some namesAttackers breached e-mail marketing provider Epsilons databases and waltzed off with e-mail marketing lists belonging to its clients, including Walt Disney, JPMorgan Chase and Best Buy. While the company has declined to disclose exactly how many addresses were stolen, risk analytics firm estimate the number is around 60 million.

Epsilon, Alliance Data Systems

HBGary Federal

Date Reported: Feb. 7Size: 60,000 recordsType of Data: corporate emails, presentations, client reportsThe Anonymous hackers collective attacked HBGary Federals network in revenge for comments made by the CEO regarding their identities. The group hacked the email server and published all the stolen documents on a Russian server, ala Wikileaks-style.

HBGary Federal

WordPress

Date Reported: April 14Size: Unknown, 18 million records estimated Type of Data: source code, API keys, passwords

WordPress

University of South Carolina

Date Reported: March 4Size: 31,000Type of Data: names, addresses, health records, financial data, Social Security numbersA "security problem" exposed the information of faculty, staff, retirees and students on eight USC campuses.

University of South Carolina

TripAdvisor, Expedia

Date Reported: March 24Size: unknownType of Data: user e-mailsThe "unauthorized" intrusion into TripAdvisors database affected only a portion of users, but the company was not very forthcoming about any details. As the worlds largest travel related site, its likely to have impacted many users.

TripAdvisor, Expedia

RSA Security

Date Reported: March 18Size: UnknownType of Data: "information related to SecurID technology"RSA Security may not be considered big in terms of actual records compromised, but the attack had wide-ranging repercussions, not only on the security company, but on all the enterprises and government agencies that rely on the SecurID two-factor authentication technology for their own security.

RSA Security

HuskyDirect.com, University of Connecticut

Date Reported: Jan. 11Size: 18,059 recordsType of Data: names, addresses, credit card numbers, e-mail addresses, phone numbersAn attacker was able to access the customer database and viewed information belonging to customers who bought UConn-branded sports gear.

HuskyDirect.com, University of Connecticut

Seacoast Radiology

Date Reported: Jan. 12Size: 231,400 recordsType of Data: patient names, social security numbers, addresses, phone numbersDespite the size, this was pushed down the list because it occurred in 2010 but was reported in 2011. This unusual breach happened in Nov. 12, 2010 when third-party intruders broke into the network to use the bandwidth to play Call of Duty. Its not clear whether they accessed the patient data.

Seacoast Radiology

Ankle and Foot Center of Tampa Bay

Date Reported: Jan. 29Size: 156,000Type of Data: names, dates of birth, addresses, social security numbers, health care services receivedThis was another 2010 incident reported in 2011. Hackers breached the centers network to access protected patient health information and personal data.

Ankle and Foot Center of Tampa Bay

Rocket Fuel