
The Top Five Government Security Breaches of 2012

Chris Rodinis
November 30th 2012

http://datalossdb.org/

Target: South Carolina

The damage? Over 3 million bank account numbers and about 4 million tax returns. How? A single employee of the State of South Carolina was conned by a phishing attack. The hackers then gained access and did the rest.

The takeaway? Put in place more database activity monitoring and network detection measures. Had one or two more security measures been in place, this could have been avoided or at least vastly minimized.

Target: California Department of Social Services

The damage? The important payroll information of about 700,000 persons. Contractors at HP, while working with the California Department of Social Services, had a package lost in the mail. The package contained microfiche with the payroll information.

The takeaway: Use a little common sense, plan for when something can go wrong, then make sure that cannot happen. Always consider the basics of physical security.

Target: Utah Department of Health

The damage? Almost 800,000 medical records of Utahns. How? Eastern European hackers compromised a server because an authentication configuration that was not robust enough had been loaded onto a new server.

The takeaway? Why take more risk than necessary? Why not put in place the best authentication controls and the most robust patch management? A strong configuration reduces risk. Remember to maximize protection for sensitive data.

Target: California Department of Child Support Services

The damage? 800,000 health records. How? Somehow backup tapes were lost by the combined efforts of IBM, Iron Mountain and Federal Express.

The takeaway: What are your data protection policies? Why were they not followed? Again, always consider the basics of physical security.

Target: United States Bureau of Justice

The damage? Hackers known as Anonymous stole and then dumped onto Pirate Bay approximately 2 GB of very sensitive information. It included internal emails and internal BJS documents that, if not classified, are normally at least protected.

The takeaway: This may not seem as serious; however, should the BJS be guarding its back door just in case? This shows how being lax on the front end with web apps can put the back end into an easy line of hacking fire!

For more information about secure data destruction, please contact:

www.EwasteWiz.com

