According to some estimates, cybercrime causes 600 billion dollars a year in financial losses. And despite lessons from past incidents, players in all verticals still incur massive damage every year as a result of breaches by hackers.
If 2017 had ransomware written all over it, this year is harder to paint in a distinct “shade” of malware. 2018 has been riddled with incidents of all types and magnitudes, with some of the world’s biggest money makers falling victim to some of the most embarrassing attacks.
Today we’re going to look at five of the most important security incidents of the year, starting with…
British Airways – 380,000 affected customers
The UK’s largest airline tweeted on September 6 that:
“We are investigating the theft of customer data from our website and our mobile app, as a matter of urgency.”
On its website, BA said the stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. Hackers pilfered names, email addresses and credit card information – including card numbers, expiration dates and the three-digit CVC code required to authorize payments. In other words, everything they’d need to conduct phishing campaigns and fraud against the 380,000 affected customers. BA advised customers to immediately contact their banks and follow their recommendations.
Facebook – 50 million compromised accounts
Facebook’s announced that a daisy-chained vulnerability in the View As feature let an unknown party steal authentication tokens of 50 million users. Personal data affected by the hack extended to private posts, conversations, check-ins, pictures sent via chat, and much more. If the attackers ever decide to make them public, marriages will get broken, friendships will end abruptly, and sensitive pictures will flood the Internet. Facebook has since addressed the flaw, but that’s of little comfort to those whose data is already in the wrong hands. The social network is now looking at a penalty exceeding one billion euros under the GDPR.
Aadhaar – 1.1 billion records exposed
At the beginning of the year, India's national ID database, which is the world’s largest biometric ID program, suffered a data breach that affected more than 1.1 billion registered Indian citizens. Anyone in the Aadhaar database can use their fingerprint or iris scan to open a bank account, buy a SIM card, enroll in utilities, or receive financial assistance. Companies can tap into the Aadhaar database to identify their customers. One such company is state-owned utility Indane. In March, a vulnerability in its systems allowed anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, like their bank.
Quora – 100 million users affected
At the beginning of December, question-and-answer website Quora issued an urgent warning to 100 million users, notifying them that hackers took their data in a breach. Attackers got names, email addresses, IP addresses, user IDs, encrypted passwords, user account settings, personalization data, public actions and content, including questions and answers. Data imported from linked networks, including contacts, demographic information, and interests, was also leaked. Quora invalidated the passwords of affected users as a precaution, forcing them to change their passwords.
Marriot – 500 million records
In late November, the world’s largest hotel chain discovered it had been the target of a sophisticated operation in which hackers exfiltrated personal and financial data of half a billion customers over four years.
The data included name, mailing and email address, phone and passport number, date of birth, gender, arrival and departure dates, guest information, and more. For some customers, the leaked data also included encrypted payment card numbers and payment card expiration dates.
Data breaches are heavily punishable by law, and never have the stakes been higher than today. Moving into 2019, businesses would be smart to consolidate their security posture to avoid hefty fines and irreparable damage to their image.