100 MILLION REASONS FOR ISO27001
|
"We don't need anyone to tell us how to protect our information!" you
might say. Really? Many others have thought that as well. See how wrong they've
been.
ALL businesses have information they need to protect from
theft, hacking, loss and damage. Whether it is stored on a server or in
someone's head, losing it can threaten your business, whether through
being sued by your customers if you lose their personal information or simply
because it becomes almost impossible to produce your products or services as
a result of a server melt-down. YOU NEED TO PROTECT YOUR DATA!
See below for businesses that probably now wish they'd had a better system
for considering potential risks and making suitable plans. ISO27001 could have
helped by providing a method by which risks could have been considered and
resources prioritised, along with ready-made controls and actions in the event
of a problem occurring.
Although many of the issues below were caused by deliberate acts of vandalism,
some, it seems, were caused or made worse by inadequate planning, a lack of
roll-back plans and a failure to communicate speedily and effectively
with the people who were affected.
Too late for these businesses. What about yours?
|
RECENT HACKING LIST
(Links to the full story for each incident are in the section below this list)
21st November 2011 - Hackers hit US water treatment
systems.
18th November 2011 - Hackers attack Norway's oil,
gas and defence businesses.
18th November 2011 - US body to probe China telecom
firms on security threat.
10th November 2011 - US cyclist Landis
guilty of using hacker to spy on lab
2nd November 2011 - French satirical paper Charlie Hebdo
offices attacked & web site hacked
14th October 2011 - Hollywood hacker Christopher
Chaney apologises to celebrity victims
12th October 2011 - Sony locks 93,000
online accounts after security breach
18th August 2011 - Hackers target Bay Area Rapid
Transit police agency.
4th August 2011 - Paul McCartney tells US
Media that he appears to be a victim of phone hacking
4th August 2011 - Heather Mills tells
Newsnight that Mirror Newspaper Group journalist admitted hacking her voicemails
3rd August 2011 - Governments, International
Olympics Committee and United Nations hit by massive cyber attack
18th July 2011 - Lady Gaga's UK web site
hacked. Names and email addresses stolen.
14th July 2011 - Rupert Murdoch's News Corporation
drops its bid for BSkyB following disclosures that the News of the World
hacked a murder victim's mobile phone and allegations of hacking of phones
belonging to 9/11 victims.
11th July 2011 - At least 95,203 records were obtained by hackers from Toshiba
Corporation, the National Assembly of
Pakistan, Booz Allen Hamilton, and
Monsanto Company.
9th July 2011 - Kiplinger Washington Editors revealed
that 142,000 records of usernames, emails, passwords, and encrypted credit card numbers were
stolen from their possession.
8th July 2011 - German Federal Police hacked
by NN-Crew. User names and passwords of police officers were leaked, along with
suspects' phone numbers, licence plates etc.
7th July 2011 - 31 records with full names of users and email addresses were leaked from
the Stevens Institute of Technology.
30 June 2011 - T&T Supermarket loses up to
58,000 records of customers and job applicants
30 June 2011 - Arizona Department of Public Safety supposedly lost names, addresses, phone numbers, passwords, SSN numbers, online dating account information, voicemails, chat logs, and pictures of some officers'
girlfriends
28 June 2011 - Groupon's Indian subsidiary, Sosasta, exposed
300,000 email accounts and passwords.
24 June 2011 - Travelodge's customer
data stolen
22 June 2011 - Tesco Bank customers still unable to access online
accounts
22 June 2011 - Brazilian Government & President websites
hit by LulzSec
20 June 2011 - Bitcoin hacked. Currency value
crashes
20 June 2011 - Serious Organised Crime Agency
web site attacked
17 June 2011 - Sega Pass customer details hacked
16 June 2011 - LulzSec 'takes down' CIA website
13 June 2011 - Spanish Police
hit by 'Anonymous' hackers
12 June 2011 - IMF (International Monetary Fund)
hit by 'major' cyber attack
10 June 2011 - Codemasters reveals thousands
of records stolen
7th June 2011 - Gannett Government Media Corp lost names, passwords, emails, duty status, pay grade, and branch of service of various military
personnel
5 June 2011 - Sony Pictures Russia database leaked
3 June 2011 - Sony Europe database leaked
3 June 2011 - 10,000 Iranian government e-mails stolen by Anonymous
2 June 2011 - Sony Pictures database leaked
1 June 2011 - Defence group L-3 discloses it was hit in attack
1 June 2011 - Google reveals Gmail attack
29 May 2011 - Honda Canada reveals 283,000 records stolen
27 May 2011 - Lockheed Martin reveals it has been hit by a hack attack
8th Nov 2010 -
Royal Navy website attacked by Romanian hacker
3 Nov 2010 - Google in 'significant breach' of UK data laws
And there's so much more....
|
21st November 2011 - Hackers hit US water treatment
systems.
http://www.bbc.co.uk/news/technology-15817335
Hackers have destroyed a pump used to pipe water to thousands of homes in a
US city in Illinois. Hackers with access to the utility's network are thought to
have broken the pump by turning it on and off quickly. The FBI and Department
for Homeland Security (DHS) are investigating the incident as details emerge of
what could be a separate second attack. In this case, the hacker (Pr0f) said
the hack of the South Houston network barely deserved the name because only a
three-character password had been used to protect the system. Experts said
the news revealed a growing interest in critical infrastructure by cyber
criminals.
|
18th November 2011 - Hackers attack Norway's oil, gas
and defence businesses.
http://www.bbc.co.uk/news/technology-15790082
Oil, gas and defence firms in Norway have been hit by a series of sophisticated
hack attacks. Industrial secrets and information about contract negotiations
had been stolen, said Norway's National Security Agency (NSM).
|
18th November 2011 - US body to probe China telecom
firms on security threat.
http://www.bbc.co.uk/news/business-15786743
US legislators have launched a probe into Chinese telecom firms amid growing
concerns over cyber espionage. The committee has named Huawei and ZTE as two of
the companies that it is probing.
|
10th November 2011 - US cyclist Landis
guilty of using hacker to spy on lab
http://www.bbc.co.uk/news/world-europe-15673321
Disgraced Tour de France winner Floyd Landis has been given a one-year suspended
jail sentence for using a hacker to spy on an anti-doping lab. Prosecutors
accused the pair of using the hacked documents to prepare their failed legal
challenge to the Tour de France disqualification.
|
2nd November 2011 - French satirical paper Charlie Hebdo
offices attacked & web site hacked
http://www.bbc.co.uk/news/world-europe-15560790
Charlie Hebdo's website has also been hacked with a message in English and
Turkish attacking the magazine.
|
14th October 2011 - Hollywood hacker Christopher
Chaney apologises to celebrity victims
http://www.bbc.co.uk/news/world-us-canada-15304836
A Florida man has apologised for hacking into the private emails and
personal accounts of Hollywood celebrities. Christopher Chaney, 35, of
Jacksonville, was arrested and charged on Wednesday following a year-long FBI
investigation.
|
12th October 2011 - Sony locks 93,000 online
accounts after security breach.
http://www.bbc.co.uk/news/technology-15273175
Sony has locked around 93,000
accounts on its PlayStation Network and SOE games service after unauthorised
sign-in attempts. Unknown attackers managed to verify members' IDs and
passwords. The Japanese firm has suffered numerous security lapses over the past
year.
|
18th August 2011
http://www.bbc.co.uk/news/world-us-canada-14568160
Hackers have launched another attack on a transport agency that cut off
mobile phone services at San Francisco stations last week to prevent protests.
Hacking group Anonymous announced on Twitter that the private data of 102 Bay
Area Rapid Transit (Bart) police had been leaked. Bart police
have been criticised for shooting dead a homeless man in July.
|
4th August 2011
http://www.bbc.co.uk/news/uk-14413656
Sir Paul McCartney has told US media he appears to be a victim of
phone hacking and will go to the police. Speaking from Ohio, he told journalists
phone hacking was "a horrendous violation of privacy". "When I go
back [to Britain] after this tour, I am going to talk to the police because
apparently I have been hacked," he said.
|
4th August 2011
http://news.bbc.co.uk/1/hi/programmes/newsnight/9556130.stm
Heather Mills tells Newsnight that Mirror
Newspaper Group journalist admitted hacking her voicemails
|
3rd August 2011
http://www.bbc.co.uk/news/technology-14387559
Governments, International Olympics Committee and
United Nations hit by massive cyber attack. IT security firm McAfee
claims to have uncovered one of the largest ever series of cyber attacks. It
lists 72 different organisations that were targeted over five years, including
the International Olympic Committee, the UN and security firms.
|
18th July 2011
http://www.bbc.co.uk/newsbeat/14184118
Lady Gaga's UK music website has been hacked, her record company Universal has
confirmed. The firm said "The hacker took a content database dump and a
section of email, first and last name records were accessed. All those affected
have been advised of the intrusion into our sites. We also informed the
Information Commissioner's Office, the police and our trade body, the BPI."
|
14th July 2011
http://www.bbc.co.uk/news/uk-politics-14162268
Rupert Murdoch's News Corporation drops its
bid for BSkyB following disclosures that the News of the World hacked a
murder victim's mobile phone and accusations of hacking of phones belonging to
9/11 victims.
|
11th July 2011
The Toshiba America Consumer Products (TACP) website
was hacked by a hacker named V0iD. According to the DataLoss DB there were 11 admin emails and plain text passwords, 784 user emails and plain text passwords, and the names, emails, and plain text passwords of more than two dozen resellers. According to an article by Softpedia, there were 14 user tables, one containing 5,203 records, though
V0iD only pasted a total of 800 accounts on PasteBin.
V0iD also hacked the National Assembly of Pakistan posting the usernames and passwords of 7 admin
accounts and the phone numbers of 13 accounts on PasteBin.
The attack on Monsanto is supposedly the beginning of Operation Green Rights, Project
Tarmageddon, targeting companies responsible such as "Exxon Mobil, ConocoPhillips, Canadian Oil Sands Ltd., Imperial Oil, the Royal Bank of
Scotland, and many others," according to their press release and a video posted on
YouTube.
According to a CNET article the names, addresses, phone numbers, and place of work of 2,5000 individuals were posted on PasteBin. Their post states they are attacking Monsanto
because of their "downright evil business practices." According to the CNET article this act was specifically "to protest lawsuits the company filed against organic dairy farmers for stating on labels that their products don't contain growth hormones."
|
9th July 2011
Kiplinger Washington Editors revealed that 142,000 records of usernames, emails, passwords, and encrypted credit card numbers were obtained by hackers, as a Bloomberg article notes.
|
8th July 2011
The German Federal Police (Bundespolizei) was hacked by the group NN-Crew. Information
on GPS location coordinates, license plate numbers, suspects' telephone numbers, and the usernames and passwords of police officers was collected and
made available on their website. The Bundespolizei stated that no investigation data was published and that the data obtained was from a server for customs officials that is used with the PATRAS tracking system, which has now been temporarily shut down.
|
7th July 2011
The Stevens Institute of Technology was hacked by @p0keu. At least part of its database leaked on PasteBin containing 31 records with the full names of users, email addresses, and plain text passwords.
|
30th June 2011
T&T Supermarket loses records of up
to 58,000 customers and job applicants.
http://www.nsnews.com/Hackers+pillage+personal+info+from+West+Vancouver+supermarket+website/5002644/story.html
An unknown number of customers of Park Royal’s Osaka Supermarket may have had personal information stolen after hackers struck the store’s parent website.
The attacks against customers and suppliers took place on June 6, 7, 11, and 14-17. They redirected customers ordering online or job applicants to a malicious
site that caused malware to be downloaded onto the user’s computer, which in turn recorded their personal information and sent it back to the intruder.
|
7th June 2011
Gannett Government Media Corp lost names, passwords, emails, duty status, pay grade, and branch of service of various military
personnel.
http://ca.reuters.com/article/technologyNews/idCATRE75R7OH20110628
The organization produces Defense News and other publications tailored to the US Army, Navy, Air Force and Marine Corps, according to Reuters.
Gannett told subscribers via email that it discovered the breach of its Gannett Government Media Corp on June 7.
The attackers accessed subscribers' names, passwords and email addresses, the company said. They also obtained data on the duty status,
pay grade and branch of service of some readers who serve in the military. The information included subscribers to Defense News -- one of the world's most widely read publications covering the
defence industry -- as well as publications aimed at soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps.
|
30th June 2011
Arizona Department of Public Safety.
Arizona police targeted in Cyber-attack.
http://www.ibtimes.com/articles/171888/20110630/arizona-hackers-second-time-personal-details-emails-passwords-documents-attack-similar.htm
A hacking group on Wednesday posted Arizona law enforcement officers' personal details in a series of ongoing cyber attacks that has targeted government sites, banks and corporations around the world.
The agency supposedly lost names, addresses, phone numbers, passwords, SSN numbers, online dating account information, voicemails, chat logs, and pictures of some officers'
girlfriends.
|
28th June 2011
Groupon's Indian subsidiary, Sosasta, exposed
300,000 email accounts and passwords.
http://www.webpronews.com/is-groupon-losing-its-edge-2011-06
and
http://www.theregister.co.uk/2011/06/28/groupon_india_privacy_breach/
Groupon subsidiary Sosasta.com accidentally published a database containing the email addresses and clear-text passwords of 300,000 users and the cache was indexed by Google.
The trove of personal data was discovered by Australian security consultant Daniel Grzelak as he plugged a handful of query terms into the search engine, he said Tuesday. He contacted Patrick Gray with security blog Risky Biz, which reported that the SQL database contained the details for 300,000 Sosasta account holders.
Apparently, the emails were discovered by Mr Grzelak by searching for "filetype:sql", "password", and "gmail." He then posted on Twitter that he had notified Risky Business.
|
24th June 2011
Travelodge's customer data stolen
http://www.bbc.co.uk/news/technology-13900831
Travelodge is investigating an apparent hacking attack on its customer database.
A spokesperson for the hotel chain said that a "third party" had managed to obtain names and e-mail addresses.
The company warned users of its online service to be on the lookout for spam e-mails.
The incident has been reported to the UK's information commissioner who can fine businesses for poor data protection.
A letter to customers, signed by Travelodge's chief executive Guy Parsons, contained little information about the nature of the leak, although it stressed that the company had not sold users' personal data to anyone else.
|
22nd June 2011
Tesco Bank customers still unable to access online
accounts
http://www.bbc.co.uk/news/uk-scotland-scotland-business-13877967
Tesco Bank admits some customers are still unable to access online accounts, despite earlier claims a computer glitch had been fixed.
Tesco's website was hit by technical problems at the weekend after the bank updated its computer systems.
It later apologised to customers and said the issue had been sorted.
But Tesco has now admitted some customers are still unable to access their cash online.
|
22 Jun 2011
Brazilian Government & President websites
hit by LulzSec
http://www.bbc.co.uk/news/technology-13878888
The websites of the Brazilian government and President have fallen victim to hacker group Lulz Security. In the past month, it has attacked the UK's Serious Organised Crime Agency, the US Senate, Sony, and the broadcaster PBS, as well as a number of games companies.
|
20 June 2011
Bitcoin hacked, causing its value to collapse, according to one of its senior developers.
http://www.bbc.co.uk/news/technology-13857192
Prices on the main exchange, Mt.Gox, fell from $17.50 (£10.80) to almost zero when a large number of stolen Bitcoins were dumped on the market.
Trading was suspended and eventually rolled back to pre-crash rates.
Mt.Gox revealed details of the security breach on June 20 with an announcement on its website.
'the problem was caused by security failings at Mt.Gox'.
|
20 June 2011
Serious Organised Crime Agency web site
attacked
http://www.bbc.co.uk/news/technology-13879678
A 19-year-old Essex man has been charged with five computer offences, including attacking the Serious Organised Crime Agency's website on 20 June.
It is alleged he attacked the website of the International Federation of the Phonographic Industry in November 2010.
He also allegedly attacked the British Phonographic
Industry's website in October.
|
17th June 2011
Sega Pass customer details hacked
http://www.bbc.co.uk/news/technology-13815225
Sega has told gamers that some of their personal information may have been stolen following an attack on its systems.
E-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers.
|
16th June 2011
LulzSec hackers claim CIA website shutdown
http://www.bbc.co.uk/news/technology-13787229
The CIA website was inaccessible at times on Wednesday.
The hacker group Lulz Security claims it temporarily brought down the public-facing website of the US Central Intelligence Agency.
|
13th June 2011
Spanish Police
hit by 'Anonymous' hackers
http://www.bbc.co.uk/news/technology-13749181
The attack on the site was carried out in retaliation for the arrest of three Spanish men the police claimed were 'core' members of the group. The hackers managed to keep www.policia.es offline for about an hour from 2130 GMT on 12 June.
|
12th June 2011
IMF hit by 'major' cyber attack
http://www.bbc.co.uk/news/world-us-canada-13740591
The International Monetary Fund says it was targeted earlier this year, causing "a very major breach" of its systems.
|
10th June 2011
Personal data stolen from UK developer Codemasters
http://www.bbc.co.uk/news/technology-13731822
The personal details of thousands of people have been stolen after hackers targeted British games developer Codemasters.
The firm described the data theft as "significant" saying names, addresses, phone numbers and dates of birth were all taken on 3 June.
|
9th June 2011
Hackers warn NHS over security
http://www.bbc.co.uk/news/technology-13712377
A hacker group has warned the NHS that its computer networks are vulnerable to cyber attack.
But the Department of Health was quick to deny that any patient information was at risk.
|
9th June 2011
Citibank confirms hacking attack
http://www.bbc.co.uk/news/technology-13711528
Hackers have stolen data from thousands of Citibank customers in the US, the bank has confirmed.
The breach exposed the names of customers, account numbers and contact information.
|
6th June 2011
Nintendo server hit by hackers
http://www.bbc.co.uk/news/business-13663814
Nintendo has become the latest company to suffer an online security breach due to an attack by hackers, Lulz Security.
The Japanese game company said that a server of one of its affiliates in the US was attacked by the group some weeks ago.
|
3rd June 2011
Sony investigating another hack
http://www.bbc.co.uk/news/technology-13642145
Lulz Security claims to have broken into Sonypictures.com and accessed details of a million users. Passwords, home addresses and other
personal information relating to several thousand of the accounts was released
online. It is the third major hack to hit Sony since April when the PlayStation Network was targeted and the details of
77 million users compromised.
|
3rd June 2011
Sony network suffers hack attack
http://www.bbc.co.uk/news/technology-13639836
A hacker group says it has stolen one million passwords and email addresses from Sony network users.
|
25th May 2011
Sony reports online security breach on various websites
http://www.bbc.co.uk/news/business-13537128
The Japanese electronics giant Sony has reported fresh hacking attacks on a number of its websites.
The company said that personal data of 2,000 consumers was stolen from a Sony Ericsson website in Canada, while details of 8,500 users were leaked on the Sony Music Entertainment
website in Greece. The company said e-mails, passwords and phone numbers of users were stolen.
|
19th May 2011
Sony faces further security woes
http://www.bbc.co.uk/news/technology-13454201
A website set up by Sony to allow users to reset their passwords following last month's hack attack is itself subject to a security alert.
|
19th May 2011
Nasa loses data to TinKode
|
17th May 2011
Net pirate monitoring firm hacked
http://www.bbc.co.uk/news/technology-13422508
A firm employed by the French government to track down net pirates has been hacked.
|
13th May 2011
Final Fantasy maker Square Enix hacked (EIDOS and Deus Ex - Japan and Canada)
http://www.bbc.co.uk/news/technology-13394968
Hackers have broken into two websites belonging to Japanese video games maker Square
Enix.
The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.
Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.
|
3rd May 2011
Sony warns of almost 25 million extra user detail theft
http://www.bbc.co.uk/news/technology-13256817
A further 25 million gamers have had their personal details stolen as a result of security breaches at Sony.
As well as the PlayStation Network, which has been down since 20 April, the company has now taken its Sony Online Entertainment
(SOE) service offline.
|
2nd May 2011
Sony suspends SOE gaming following PlayStation hack
http://www.bbc.co.uk/news/technology-13260041
Sony has suspended another of its online gaming systems, following the recent PlayStation Network hack.
The company took the Sony Online Entertainment (SOE) service offline as part of its wider investigation into security breaches.
Sony admitted last week that the personal details of 77m PlayStation users may have been stolen by
hackers.
|
28th April 2011
Sony faces legal action over attack on PlayStation network
http://www.bbc.co.uk/news/technology-13192359
Sony admitted that the personal details of 77m PlayStation users may have been stolen by hackers.
|
25th April 2011
PlayStation outage caused by hacking attack
http://www.bbc.co.uk/news/technology-13169518
|
6th April 2011
Marks and Spencer customers hit by Epsilon hack
http://www.bbc.co.uk/news/technology-12983177
Marks and Spencer customers have been warned to expect an increase in spam e-mail after hackers stole their details.
The company has contacted users of its online service to warn them about the data breach, which was part of a wider attack on marketing firm Epsilon.
|
18th March 2011
Hackers steal "millions" of ID tokens from RSA Security
http://www.bbc.co.uk/news/technology-12784491
Hackers have stolen data about the security tokens used by millions of people to protect access to bank accounts and corporate networks.
|
10th February 2011
Hackers hit 'at least' five oil and gas firms
http://www.bbc.co.uk/news/technology-12416580
Hackers have run rampant through the networks of at least five oil and gas firms for
years, reveals a report.
Compiled by security firm McAfee, it details the methods and techniques the hackers used to gain access to the unnamed multinational firms.
|
8th November 2010
Royal Navy website attacked by Romanian hacker
http://www.bbc.co.uk/news/technology-11711478
The Royal Navy's website has been hacked by a suspected Romanian hacker known as
TinKode.
|
3 Nov 2010
Google in 'significant breach' of UK data laws
http://www.bbc.co.uk/news/technology-11684952
There was a "significant breach" of the Data Protection Act when Google collected personal data via its Street View cars, the UK's Information Commissioner has ruled.
The Information Commissioner's Office (ICO) will audit Google's data protection practices.
|