The worst data breaches of 2017 showed how great it is to be a hacker right now. They are making away with billions of dollars. Yes, billions. Ransomware alone is estimated to have taken over $2 billion, with total projections exceeding $9 billion for next year. Let’s look at the worst data breaches from 2017, and hope to god that we learn something for 2018.
Worst data breaches 2017: Equifax equi-fucks you
This wasn’t just one of the worst data breaches of 2017; it might be the worst data breach of all time. Over 145 million people had their information stolen from them, including their personal Social Security numbers.
Those who are victims of this breach are up for possible identity theft in the future. It has also opened up the question of whether or not we need to centralize credit reporting agencies. Either way—excuse my language—what this company has done is completely fucking unacceptable. It is blatantly and painfully obvious that Equifax did not do enough to protect your data. It blames the hack on a single employee who has since been fired, which is either a scapegoat tactic or complete negligence in having all that data depend upon one person.
Before my blood pressure rises much more, let’s move on to the next awful data breach.
Worst data breaches 2017: WannaCry, for real, bruh?
Over 150 countries were affected by a data breach which has been dubbed WannaCry. The hack demanded money to unlock files which had been encrypted and could no longer be opened. This is what we call ransomware. Affected industries included:
- Hospitals
- England’s National Health Service
- Individual doctor offices
- Car companies
These are industries which should not be this vulnerable. But here we are, with one of the worst attacks in memory impacting the most vital of industries. The attack has been linked to North Korea.
WannaCry ransomware attack possibly linked to North Korea https://t.co/7ZykjlBDDc pic.twitter.com/PXzA9yl1Z9
— The World Of Geeks (@twogtech) December 5, 2017
Worst data breaches 2017: Yahoo’s more useless than ever
By my calculations, Yahoo has not been relevant since 1998. The most relevant thing that it has done is to get hacked on every single one of its three billion accounts in 2013, not finding out about the hack until 2016, and not disclosing the entirety of it until 2017.
Just take a second to think about this. Every single one of the 3 billion accounts was hacked. Yahoo didn’t find out about this for three years. Years! And when Yahoo did, it didn’t find out its full scope or even report it. Yahoo, why do you still exist?
Worst data breaches 2017: Shadow Brokers
Shadow Brokers are an anonymous group which leaked stolen hacking tools from—get ready for this—the National Security Agency.
What does it mean for the NSA itself, to get hacked? The shadow brokers attack on the NSA was more injurious to the agency than the Snowden leak. Not just plans, but actual malware was stolen. We discuss this week w/Bruce Schneier https://t.co/L979zF9hT0 & https://t.co/NLA10jd1zm pic.twitter.com/nk3DNinQ7u
— Hidden Forces (@HiddenForcesPod) December 5, 2017
The tools allowed the group to compromise the accounts of pretty much anyone with a Windows server or Windows operating system.
Frustratingly, Windows had issued a patch for the issue. However, many did not download and install the patch, and they were compromised. The hacking tools leaked by Shadow Brokers led to many of the data breaches we saw in 2017, including…
Worst data breaches 2017: NotPetya
This data breach from June 2017 targeted businesses in Ukraine. It used compromised tax software. The malware then spread to many global businesses, including:
- FedEx
- WPP, a British advertising agency
- Rosneft, a Russian oil and gas company
- Maersk, one of the world’s largest shipping companies
The attack used a vulnerability disclosed by the leak from Shadow Brokers. FedEx claimed a loss of $300 million, thanks to the attack. One of its subsidiary companies even had to suspend business operations.
FedEx reported losses of roughly $300M, & Danish shipping giant AP Moller-Maersk est. that the attack would cost it $200-$300M. #NotPetya
— Brian Kime (@BrianPKime) October 30, 2017
Worst data breaches 2017: Bad Rabbit
Bad Rabbit infiltrated machines all over the world by posing as an update for Adobe Flash. It did this through compromised media websites. This is exactly the reason why I personally turn off Adobe and block all ads. Countries which were impacted included:
- Russia
- Ukraine
- Turkey
- Germany
Here it is: #BREAKING! #BadRabbit #cyberattack: websites of #Kiev metro, #Odessa airport, #Ukraine's ministry for transport & #Russia|n news outlets affected https://t.co/uz7DH2MXNX
— Omar ♈ (@OmAlbassam) December 5, 2017
If you think that it is wise to download software or an app from a pop-up ad, you’re crazy. Next time, you should go directly to the owner of the software or app and download it from them, or go to the official app stores.
Worst data breaches 2017: GOP voter record hack
GOP contractor's data breach affects 198 million people in largest exposure of voter information https://t.co/CydEOfBI1q
— Paul Komarek (@pkomarek) June 20, 2017
June 2017 saw the discovery of 198 million voter records being exposed after the GOP misconfigured data in the Amazon cloud. Why the party relies upon a third party to handle its data is anyone’s guess. Why it relied on Amazon, which has had problems in the past, is frankly negligent. The US Department of Defense and Verizon have also had improperly configured data on Amazon servers.
As is usually the case when the government screws up, someone completely innocent was the victim:
- The US Department of Education warned teachers and parents of a possible data breach in October.
- People in a school district in Montana, including parents and students, received threatening text messages.
- The text messages were part of an extortion campaign.
- Money was demanded in exchange for the deletion of the stolen files.
- Schools in the district had to close for three days.
- The Dark Overlord group claimed responsibility and said that the stolen details are from students, teachers, and many other district employees.
This same group was also responsible for stealing information from Netflix and its “Orange is the New Black” production partner.
Worst data breaches 2017: Uber plays themselves
Uber has not been having a good time in, well, a long time. The company is constantly getting bad press, and it did not help when a hacker stole 57 million customer data points… and Uber even paid him $100,000 to cover the thing up.
Uber did not disclose this until November 2017, when the company got a new CEO. It pissed off so many people that three US senators have introduced a bill that would give executives jail time if they cover up a breach. Uber is also being sued.
Worst data breaches 2017: What we learned
If you learned anything from the worst data breaches of 2017, it’s the fact that you should expect more of this in 2018. Protect yourself when you’re on public Wi-Fi. Stop giving away your personal data to every new stupid app that comes along. And start writing to your local government to hold executives responsible when they suppress data breaches.