We have entered a golden age for the nefarious world of hackers. According to a recent study published by Verizon and the U.S. Secret Service, incidents of data compromise climbed more than 400 percent in 2010 from the previous year to 761 breaches.
Just in the past week, News Corp. has taken global heat after it allegedly hacked into phone records to score scoops, while its Fox News subsidiary had its Twitter feed hacked (publishing a report that President Obama was dead). Meanwhile, the hacker group Anonymous broke into an Apple site this weekend.
Many have made headlines for the sizes of the scores: More than 100 million Sony customers were affected last year when hackers scooped up data on their names, addresses, emails, login IDs, passwords, and credit-card numbers when the Playstation Network and Online Entertainment databases were breached. Hackers also collected the email addresses and passwords for 1.29 million Sega consumers and 1.3 million Gawker users, as well as email addresses and account numbers for 360,000 Citigroup cardholders.
“The last six months have been unprecedented,” says Josh Shaul, the CTO of Application Security, a Manhattan-based provider of database-security software. “Companies obviously aren’t doing enough to protect this kind of data that they’re storing.”
Attacks are also becoming more sophisticated. “High-impact attacks can be measured by not just the number of customer records breached,” says Joe Gottlieb, CEO of SenSage, a security-software company, “but by what new level of patience or sophistication was required.” Gottlieb points to the Lockheed Martin breach in May. Though there wasn’t a breach of any company or customer data and the company’s security team quickly detected the risk, hackers had to use extremely refined techniques to get as far as they did, and displayed considerable discipline to design and implement such a threat.
To put the severity of the recent cyberattacks in perspective, THE DAILY BEAST combed the data of decades of malicious activity online. Using the extensive statistics compiled by the Privacy Rights Clearinghouse and DataLossDB, we compiled a list of the largest breaches in terms of size (number of records breached).
As well, based on the insight of industry experts, we also considered the value of the type of data based on what it's worth on the black market and to the consumer. Data value was assigned based on a relative, weighted scale as follows:
- Billing history: The most valuable data, a record of your buying history and product preferences is extremely precious on the black market, as it enables scammers to approach you with targeted emails to get your credit-card information or install malware on your system. (Weighted value = 2)
- Social Security number: Not only does a SSN have extreme personal value, it can’t be replaced. An identity theft can take significant time and money to clear up. (Weighted value = 1.5)
- Email and password: With access to your password, hackers have access to a slew of valuable personal information. (Weighted value=1)
- Medical record: According to Shaul, the main value in medical records is for blackmail potential. (Weighted value=1)
- Credit-card number: The black market is flooded with credit-card numbers. Also, credit cards can be easily replaced, and the owner is usually not liable for fraudulent charges. (Weighted value=.5)