2AT&T Hack Exposes E-Mail Addresses
3Thieves Hit ECMC
Underscoring the intersection of IT security and physical security, an old-fashioned theft of two safes from the Education Credit Management Corporation endangered personal information belonging to 3.1million college students. Inside the safes were nearly 650 disks with student information belonging to the corporation, which services and insures college loans. The safes were recovered by police in Minnesota along with what is believed to be all of the disks.
4Hackers Tomahawk Apache
5Pirate Bay Heist
Argentinian hacker Ch Russo and two associates used numerous SQL injection vulnerabilities in the popular file-sharing Website to access the user database, exposing e-mails, user names and IP address information for more than 4 million users. Russo said neither he nor his cohorts did anything to alter ordelete information in the database.
A business logic flaw in a third-party program used by health insurer WellPoint opened up 470,000 customer records for exposure. Though the glitch was fixed in March, the company reportedly only learned of the vulnerability when a California customer sued after discovering she could get confidential information about other customers by manipulating Web addresses used in the program.
7iTunes Accounts Compromised
8Digital River Hack
Records for nearly 200,000 people were swiped from the servers of e-commerce company Digital River. The information included names, e-mail addresses and other data originally gathered by companies offering affiliated marketing programs. In May, the company got a court order to stop a New York man from selling, altering or destroying the data after he was caught trying to sell the information to a marketing firm for$500,000.
In April, the Department of Social Services in Virginia Beach, Va., revealed eight employees were fired or disciplined over the previous year for accessing confidential information about former employees, family members and clients. The violations ran the gamut from a boss who forced her employees to gather information from a state database about her husband’s child to a worker who checked the status of a dead client’s Medicaid benefits.
When Google announced in January it had been breached, it touched off months of controversy and accusations that reached around the world. The cyber-attack is believed to have run from mid-2009 to that December. The attack also affected dozens of other organizations, including Adobe Systems and Juniper Networks.