Introduction
There’s not a week that goes by when we don’t hear about another security breach at a large corporation or enterprise.
Billions of personal details have been stolen, and counting.
What can we learn from these breaches for our own business?
In this post, we’re going to go into details on some of the biggest security breaches in history, how they happened and how to protect your business against the same form of attack.
As a bonus, I’m going to tell you all about a cool tool you can use to check whether your details have been stolen.
Number 3: Exactis
Exactis is a marketing company that primarily works on data aggregation. Negligence on their part led to three hundred and forty million records being breached.
A security expert spotted an open database on one of their public servers back in 2018.
The data was not hacked; it was just sitting there waiting to be found.
How do you protect your business from this type of scenario?
Make sure you know where your data is stored and who has access. Implement a policy on any new IT infrastructure or cloud services that are being installed in the business and have some form of auditing on where data is located.
Number 2: Marriott Hotels
I’m sure you’ve stayed at one of the Marriott group hotels in the past. These include:
- St. Regis
- The Luxury Collection
- W Hotels
- Sheraton
- Westin
- Le Meridien
- Tribute Portfolio
- Design Hotels
- Four Points
- Aloft
- Element
Five hundred million customer records were breached between 2014 and September 2018.
These were collected via ongoing independent hacks over a prolonged period. It’s shocking it was not spotted sooner.
What can we learn from this type of attack?
Make sure your IT security can scale with the size of your business and the systems you have. Marriott had web portals, point-of-sale machines and internal databases hacked. Any time you add a new system to your technology stack, a new security risk is created. Make sure you include all systems in an IT security audit.
Number 1: Aadhaar
You may not have heard of this organization, but it’s a large government agency based in India.
In total, 1.1 billion Indian residents’ personal details were breached, including their social security number (ID number).
It turns out their database system was running what’s known as an API – this is just a way for two different systems to speak to each other. The API was not secure, and data was being leaked to outside sources.
What can we learn here? Well, there are a lot of these APIs in use, and if you are using any services that hook into products like Office 365 or G Suite, then an API is likely being used. Make sure any services you sign up with that use an API are secure and legitimate. The best way to check is by asking us, or another cybersecurity professional.
Bonus
As promised, we have a bonus. The companies mentioned above are only a few of the biggest security breaches; there are many more.
You can check to see if your personal or business account has been hacked by using this free tool: Have I Been Pwned
This tool checks your company email address or personal address against a database of information that is actively being sold for profit on the dark web.
If you have had an account breached or would like to secure your IT systems, please email us.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry-leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.