In Part 1 of this piece we introduced an infographic by the folks over at Information is Beautiful which details all the major cyberattack incidents in the last 10 years. In this 3-part series, we're taking a look at some of the more notable incidents discussed in the infographic. In the first part, we only got through 2006, and believe us, that's not even where cybercriminals started to get really creative. The following breaches represent a turning point in the world of cybercrime, when attacks went from being the occasional nuisance to being widespread and extremely damaging:
- T.J. Maxx (2007): Back in 2007, a hack on T.J. Maxx that compromised 45.7 million debit and credit cards was considered the largest ever at the time, as NBC reported. These days, it unfortunately seems like a breach with more than 50+ million stolen records is a pretty common thing, but in 2007 it was definitely cause for major alarm. Security experts at the time were left flabbergasted at the sheer scale of the criminal intrusion.
"It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was," said one such expert, Deepak Taneja, at the time.
The T.J. Maxx hack provided evidence that hackers were getting more advanced in their methods. As store officials reported, hackers apparently were able to circumnavigate the store's encryption network in order to gain access to privileged data. This means that they were able to commandeer the software that the store perhaps believed would protect it from any cyberattack. Representatives from the store expressed shock at the time that the attack had even happened.
"There is a lot of information we don't know, and may never be able to know, which is why this investigation has been so laborious," Sherry Lang, a spokesperson for the store, said at the time.
- GS Caltex (2008): For oil refinery GS Caltex, it wasn't an oil leak they had to worry about in 2008 – it was a data leak. The problem started when two multimedia discs that had company data on them found their way out into the street. How this happened isn't entirely clear but the repercussions were immediately evident: The discs contained information for 10.8 million customers. This data included highly privileged stuff like Social Security numbers and personal addresses of patrons. Fortunately for GS and its PR team, the information contained on the multimedia discs didn't contain banking details or credit card numbers, but the mere fact that customer information had literally found its way onto the street created a not-so-desirable situation for the business.
- The U.S. Military (2009): In 2009, the U.S. Military did a rather poor job of guarding its own data, since tens of millions of records regarding veterans were potentially compromised in a data breach incident, according to Wired. The problem lay in the fact that the agency hadn't taken the proper precautions with one of its hard drives before shipping it off. As a result, a hard drive that needed to be repaired was sent to a repair vendor with highly confidential information on it. This immediately created a potentially highly serious situation in which millions of veterans were suddenly at risk of having their identities swiped.
"This is the single largest release of personally identifiable information by the government ever," said an official at the time.
Follow us to the third part of this piece to read about more recent hacks that have really shaken things up.
