Crime in the Cloud – The largest cloud data breaches

Over the past year, the world has been subjected to some of the worst cyber crimes ever committed. Birth dates, photos, social insurance numbers, financial information, medical records and even fingerprints, all thought to be securely stored in the cloud, have been unlawfully accessed and shared.

The latest cyber-attack on Hong Kong toy manufacturer VTech left the data of parents and children exposed. Included were names, addresses, and pictures of nearly 5 million adults and 200,000 children.

Anthem and Premera, two of America’s leading health insurance firms, were hacked in what is considered the biggest data heist of medical records in history. The technique and the design of the attack are linked to Deep Panda, a group of hackers based in China. Given the nature of the stolen data, it is believed that this intelligence will be sold.

Present and past federal employees are in danger of having their personal information misused, as the United States OPM (Office of Personnel Management) has reported that cyber criminals had been inside its systems for almost a year. The breach included information pertaining to 5 million fingerprints and 22 million employees (within the law enforcement agencies).

Much to the pleasure of netizens, the Milan-based Hacking Team that markets data to governments for exploitation experienced a cyber attack themselves. This resulted in the group’s hacking scheme (via Flash Player) being exposed to the public. The hacker responsible posted gigabytes of information that showed transactions with governments that have an eerie human-rights history.

The website Ashley Madison, where married men and women can find partners for affairs, was hacked. Almost 10GB of data, including names, email addresses and contact information, was leaked. This breach is a cause of concern for other corporations tied to the members of the site, who are possible victims of spear phishers. It may have also caused two users to commit suicide.

Additional breaches to cloud storage:

mSpy

Method of entry: Classified

Stolen Data: Communications history, consumer screenshots, location of 400,000 customers and geolocation information

Duration of the breach: Classified

How they got caught: Details of mSpy’s data were uploaded to Brian Krebs, a well-known investigative writer on cyber criminals, who posted about it

Why it is important: Illustrates the risk in working with a spyware company

Premera

Method of entry: Possibly malware downloaded by employees who were tricked into entering incorrect website domains

Stolen Data: Personal details of 11 million people, including Social Security numbers, medical information, and financial credentials

Duration of the breach: May 5, 2014, to January 29, 2015

How they got caught: Classified

Why it is important: The traces left from the attack suggest it was done by Deep Panda, a Chinese group of hackers known for stealing data from energy, technology, and aerospace companies

Anthem

Method of entry: A watering hole attack was possibly used

Stolen Data: Sensitive information of 80 million people

Duration of the breach: Nine months

How they got caught: A systems admin discovered an account that was accessing databases without the owner of the account being aware of it

Why it is important: Along with the attack on Premera, which was discovered on the same day and possibly done by the same hackers, this was considered the biggest hack of medical information

Slack

Method of entry: Classified

Stolen Data: Contact information including Skype IDs, usernames, and passwords

Duration of the breach: Four days

How they got caught: Widely unknown; it was part of the verification process Slack implemented, in which it noticed suspicious activity in multiple accounts

Why it is important: Customers from businesses across various industries use Slack as a medium to effectively and safely work remotely with their partners.

IRS (Internal Revenue Service)

Method of entry: Illegally obtained details and information through the IRS refund and filing systems.

Stolen Data: 330,000 taxpayers’ details and records for counterfeit refunds.

Duration of the breach: Unknown.

How they got caught: The investigation began when a high volume of requests for old tax returns kept coming in, which the IT department initially believed to be a DDoS attack.

Why it is important: Tax records were stolen, as well as millions of dollars through fake refunds

T-Mobile

Method of entry: Classified

Stolen Data: Sensitive information such as addresses, names, Social Security numbers and other personal data

Duration of the breach: 15 days

How they got caught: Classified

Why it is important: It shows that users can be affected by mishaps between their provider and the third-party companies that those providers rely on

Hacking Team

Method of entry: An engineer’s PC protected by a poorly constructed password (“Passw0rd”) was accessed while it was connected to the network

Stolen Data: Source code, buyers and their details, and 400GB of internal files

Duration of the breach: Classified

How they got caught: The hackers took control of the company’s Twitter account and changed their handle to “Hacked Team”

Why it is important: It shed light on the group’s activities, plans, tactics and the groups of people they transact with