With July being the official halfway mark in the year, it’s safe to say that 2017 is giving us both the expected and not-expected hacks and breaches, hitting every industry and affecting just about every country in our world. And this is coming at a pretty high cost. According to a report released by Lloyd’s of London, a major, global cyber attack can trigger about $53 billion of financial losses; a number equivalent to the financial loss of a disastrous natural disaster.
Looking at July
05.07 The month began with the AA, a UK car insurance company, leaving 13GB of customer information online, unsecured. Security researcher Troy Hunt first brought this breach to light on his Twitter account with this tweet and according to the BBC, the data was left exposed online for a few days back in April. According to the AA, this happened due to a “server misconfiguration” and that the data is not sensitive. Yet, the data left vulnerable included around 117,000 email addresses and final four digits of credit cards. Inspired by this breach, Troy released a brilliant blog post covering the 5 stages of data breach grief, which you can read here.
11.07 Cyber criminals launched a phishing scheme targeting the energy sector. This attack used phishing emails which included malicious Word attachments to download a template file via an SMB connection, which would be used to harvest credentials without being detected.
12.07 Verizon confirmed a breach compromising around 6 million records. The records were compromised by Nice Systems, a Verizon partner that assists with Verizon’s customer service calls. The records were accessed via an unprotected Amazon S3 storage server controlled by Nice Systems.
13.07 In a data breach part of a cyber attack on Saber Corp service provider, Trump International Hotels said that credit card payment info has been compromised from 14 of its properties.
25.07 Military secrets and the identity of nearly all Swedish citizens leaked in a massive data breach, as Sweden’s entire vehicle and license register was uploaded to a cloud and then emailed to marketers in plain text. Among the tons of private information, the registered included information on citizens in witness protection programs and information, including the “type, model, weight, and any defects”, on military and police vehicles.
28.07 Italy’s largest bank, UniCredit, have reported two data breaches impacting over 400,000 customers. The first of the breaches occurred in between September and October 2016, and the second breach occurred around June and July of this year. The bank put blame on a third-party provider for both the data breaches, and the bank confirms that while very sensitive data (such as passwords) was not exposed, personal data such as IBAN numbers may have been accessed.
Viewing on a mobile? Click the infographic to enlarge.
Arden is the social media manager and a content writer at Checkmarx. Her blogs focus on cyber security trends and the latest developments in the world of AppSec. She aims to educate and inspire developers, security professionals, and organizations to find the best defense against online threats.