Security Breach Report: December 8, 2014
This is the first in a regular series of reports that will keep you in the loop about notable data breaches, physical security breaches, social engineering attacks, and cyber security breaches/cyber espionage. Here are some of the latest:
- Was Sony targeted by North Korea due to an upcoming movie release? This rapidly evolving story shows how a sophisticated and destructive piece of malware compromised personal and corporate data of Hollywood celebrities and thousands of Sony Pictures Entertainment employees, and resulted in a costly breach of intellectual property. A previously obscure hacking group calling themselves Guardians of Peace (GOP) took control of Sony Pictures’ corporate network on November 24 using malware written in Korean. North Korea denied direct responsibility, but indicated that “supporters and sympathizers” may have acted on its behalf in performing the “righteous deed.”
- In two separate breach incidents less than a month apart, missing computer servers compromised the protected health information of 48,000 and 75,000 Visionworks customers, respectively.
- A U.S. embassy employee in Yemen was bribed into issuing at least 50 fraudulent visas, allowing unauthorized individuals to enter the U.S.
- Websites belonging to a varied group of prominent media and retail companies were recently hacked in a worldwide operation attributed to the Syrian Electronic Army. Targeted sites included CNBC, The Guardian, UNICEF, NHL.com, Dell, and Forbes.
- A spreadsheet containing detailed personal and financial data of prominent Canadians was sent to the Canadian Broadcasting Corporation following an Access to Information Request it made with the Canada Revenue Agency. This incident, attributed to human error, is the CRA’s second major security breach this year.
- A Chinese citizen gained access to a secure machine room at Chunghwa Telecom, Taiwan’s largest telecom company. The citizen, who was given an unauthorized tour by a Chunghwa employee, took and posted photos of machines and equipment to a social media site.
- A former IT contractor stole more than $100,000 in computers, scanners, and other equipment from Franciscan Health System in Tacoma, Washington. The contractor kept his security badge, which remained active for months following the end of his assignment, and used it to access hospitals, administrative offices, and other facilities multiple times.