The year is about to finish, and we are all ready for the final countdown to welcome the New Year. It is time to review the famous cyber-attacks that took place this year:

February: The American health insurer Anthem Inc. was hit by a "very sophisticated" cyber-attack that allowed hackers to access 80 million customer records in its database. This information included names, birth dates, medical IDs, physical addresses and employment details. Apparently no debit/credit card information was stolen, or at least there is no evidence of it.

May: Bettys Café Tea Room, a chain originally from Yorkshire, suffered a cyber-attack that might have affected over 120,000 customers who used the site to make online orders. According to their director, the attack was possible due to "an industry-wide software weakness, which allowed someone to illegally access the Bettys website database". The good news is that no credit or debit card details were exposed, as this information was stored in a different system. Bettys’ data breach is an example of how, no matter what your company does or how big it is, we can all suffer a cyber-attack.

26 June: A cyber-attack on the Edinburgh City Council database resulted in about 13,000 email addresses being stolen. Hackers gained access to the council’s service provider, which is based in England, and took the addresses from its system. According to the local authority, the hacked files contained "details of customers seeking debt advice". No other council system was affected and it is believed that no other information was stolen.

5 July: "Hacking Team", a spyware development company based in Milan (Italy), was hacked and about 400 gigabytes of their internal data was exposed on the Internet by unidentified hackers. Most people had never heard of Hacking Team before this incident. They developed a tool named "Remote Control System" that does precisely that: spy on you by controlling the camera and microphone of your electronic devices. Among their clients were governments and law enforcement agencies worldwide. The attack was possible due to poor security implementation and the use of weak passwords.

15 July: Some bad news for cheaters when "Ashley Madison" was hacked by "The Impact Team". Ashley Madison is a popular online dating website for married people. If you like watching TV at midnight you have probably seen their commercial and heard its tagline: "Life is short, have an affair". Problems for their users came one month later, with the first release of information. Lots of user email addresses were exposed, bringing troubles such as extortion emails and two unconfirmed reports of suicides according to the Toronto Police Department. One last fact: analysis of the information leaked in the attack found over 70,000 fake female accounts on the site, created with the purpose of encouraging male users to keep using the site.

21 July: Wired magazine reported how hackers could break into the onboard computers of Fiat Chrysler smart vehicles. The tests were done by two security experts, Charlie Miller and Chris Valasek, who demonstrated how they could manipulate a set of different features of the car from miles away, such as air conditioning, radio, screen, transmission, steering and even brakes! Scary! They concluded that this could have been used to perform an attack that resulted in death. Fiat Chrysler said this vulnerability was due to a defect in the car’s software, which it then had to update across some models as quickly as it could.

July: A data breach at the US Office of Personnel Management (OPM), which originated in China, exposed over 21.5 million records containing names, addresses, and social security numbers. A month later they figured out the attack was worse than they thought, when they discovered 5.6 million fingerprints were lost in the same attack.

25 July: July seems like the winning month, maybe because summer is a good time for hacking. This time it was the Internet security firm Bitdefender. They admitted to having a data breach of customer usernames and passwords after someone compromised a cloud-based system. According to Bitdefender, the attack only exposed a few accounts, and the origin is still up for debate. However, a hacker under the alias of "detoxransome" took credit for the cyber-attack on Twitter and tried extortion by tweeting: "@bitdefender i want 15,000 us dollars or i leak your customer base".

August: The Carphone Warehouse suffered a data breach that exposed details of 2.4 million customers. Sadly, this time there were credit card records involved: up to 90,000 were stolen. Although TalkTalk is no longer owned by Carphone Warehouse and is now a separate company, 480,000 TalkTalk Mobile customers were affected by this breach.

October: The TalkTalk data breach was made public in October. If you haven’t heard of it you probably are not living in the UK, and even living abroad you might have heard of it. The company made a very quick decision to warn all of its customers that their vital data was at risk, which gives you an idea of how serious this attack was. In fact, several customers complained in the media that someone had stolen money from their bank accounts. Some of my friends couldn’t get access to their online banking accounts as a security measure from the banks. This cyber-attack was serious indeed, as it exposed very important customer information and put those customers at risk.

All these attacks have something in common:

  • No matter what your company does, or how big it is – every company can be targeted.
  • They exposed sensitive customer data, putting customers at risk.
  • They damaged the public image of the attacked companies.
  • The costs to recover from an attack are incalculable.
  • All these attacks have the same objective: to steal information that can be converted into money. This is not a new thing; robbery is as old as time. The only thing that has changed is the mechanism used to carry out these robberies in a new space: cyberspace.

As you can see, cyber security is not an expense for your company; it is an investment that gives you protection in the same way your fire insurance does.

Happy New Year and keep it secure!