Famous Data Security Breaches (and how they could’ve been avoided)

Most of us put our trust in the companies, both online and in person, that hold on to our secure information. Unfortunately computer hackers outmaneuver the security processes required by state and national laws and end up costing companies millions of dollars, but most importantly, confidential consumer information. The following famous data security breaches show vulnerabilities companies possess that allow hackers an all-access pass.

Case #1: Heartland Payment Systems, 2009

In 2009, cyber gurus broke into Heartland Payment Systems to expose 134 million credit cards. Heartland, which was processing about 100 million transactions each month for 175,000 merchants, was notified about the data security breach when Visa and MasterCard suspected suspicious transactions.

How it could’ve been avoided:

The Gramm-Leach-Bliley Act’s (GLBA), protects the confidentiality and security of consumers by requiring data security practices. Intelligent hackers can often outsmart the systems required by GLBA, but Heartland was reported to have instances of malicious software in their network in the past, which is an obvious sign to improve network security.

Case #2: US Department of Veteran Affairs, 2009

This >data security breach was a huge wake up call to the many people who on a daily basis throw out hard drives without getting them properly erased. In this instance, the personal information of 76 million veterans was exposed after a hard drive containing health records, discharged papers and millions of social security numbers got sent to recycling without proper removal.

How it could’ve been avoided:

Too many places offer data destruction services but aren’t qualified to properly destroy hard drives. The purpose isn’t just to get rid of a hard drive, but rather safely discard confidential information often found on the device. DataShield, among other companies, is certified by the National Association for Information Destruction, guarantees the qualification of certified information destruction.

Case #3: Gawker Media, 2010

Gawker, an online media company and blogging network, created an easy path to a data security breach when thieves gained access to email addresses and passwords of about 1.3 million contributors to Gawker’s popular blogs, such as Lifehacker, Gizmodo, and Jezebel. The simple format to which the company’s content management system was built allowed hackers to steal log in information.

How it could’ve been avoided:

Kevin McAleavey, an expert in computer system exploitation, said that many users of Gawker had the same log in information for email and Twitter, and this consistency made it easy for accounts to get hijacked and then spammed. It’s important for company security systems to constantly be updated and securely maintained, but users can help too by protecting the security of their own accounts.

Protecting a company’s security depends on an updated system of firewalls, antivirus software, secure passwords and email scans.

To guarantee your company against data security breaches like these, contact DataShield for company compliance training, electronic recycling, data destruction and secure paper shredding.

Start protecting your documents and data now.