
2017 SECURITY BREACHES

1. EQUIFAX
INTRODUCTION
One of the worst cyber attacks in history was carried out in the U.S., targeting the
well-known credit bureau Equifax. The breach started in May and continued for
two months.

OCCURRENCE
The attack was facilitated by a severe vulnerability in the agency’s web portal,
Apache Struts. Other shortcomings included insecure network design,
inadequate encryption and inefficient breach detection mechanisms.

RAMIFICATIONS
Personal information including social security numbers, full names, birth dates,
addresses, driver’s license numbers and credit card numbers of approximately
145.5 million U.S. citizens was compromised. A number of Canadian and British
citizens were also affected.

REACTIONARY INITIATIVES
The firm hired an outside firm, Mandiant, for a complete investigation into the
breach. The top management of the organization lost their jobs. The
company announced that it would now allow customers full access to their
personal data.

2. WANNACRY
INTRODUCTION
It was one of the most widespread ransomware attacks, affecting almost
300000 systems in 150 countries. The attack occurred in May 2017.

OCCURRENCE
The attack used code named EternalBlue, developed by the U.S. National Security
Agency, which the hackers stole, to exploit a flaw in the Windows file sharing
protocol. After infecting a computer, it spread to other devices connected
to it via LAN or WAN.

RAMIFICATIONS
A large number of organizations were affected by the attack, especially the National
Health Service in the U.K. Some surgeries were cancelled and ambulances
diverted. Nissan Motors also had to halt production. According to an
estimate, financial losses of hundreds of millions of dollars were borne by the
affected entities.

REACTIONARY INITIATIVES
A patch for the vulnerability had already been released by Microsoft. A kill
switch was also found, which helped in terminating the attack. Open source tools
were developed for decryption.

3. NOTPETYA
INTRODUCTION
NotPetya was another well-known malware that spread in Ukraine in July 2017.

OCCURRENCE
It used the NSA-developed EternalBlue and EternalRomance code to make its way
into computers. It spread from one PC to another automatically.

RAMIFICATIONS
The hackers did not demand monetary benefits. The infected files were completely
encrypted and the affected hard drives were irreversibly damaged.

REACTIONARY INITIATIVES
The U.S. and European countries assured Ukraine of their assistance, as the matter
was politicized due to the blame put on Russia. No kill switch could be found.
However, a vaccination was found. Every user not yet affected needed to create a
read-only file called perfc in the C folder of Windows to make their computer safe
from infection. The file so created was called the vaccination file.

4. CLOUDBLEED
INTRODUCTION
Cloudbleed was a security bug discovered on 17 Feb, 2017 in the reverse proxies of
the service provider Cloudflare.
OCCURRENCE
It exploited a glitch to fool the website’s servers. Upon request of the client sites,
the personal data was leaked to unrelated users without authorization.
RAMIFICATIONS
The attack continued for six months until its discovery. Many popular websites
were among those affected; however, the exact impact of the attack cannot be
pinned down with accuracy.
REACTIONARY INITIATIVES
After the discovery, the bug was removed. Customers were advised to renew their
passwords.

5. ZOMATO HACK
INTRODUCTION
On 16 May, 2017 it came to light that a cyber attack had hit the Indian
restaurant search and delivery service Zomato, exploiting a loophole in its
security system.
RAMIFICATIONS
E-mails and passwords of around 17 million customers were stolen and the
hackers demanded money in the form of bitcoin. However, credit card
information was safe.
REACTIONARY INITIATIVES
Passwords were reset. Other necessary measures were taken.

6. HBO HACK/GAME OF THRONES LEAK
INTRODUCTION
In a high-profile attack, the famous TV channel HBO was hacked in late July.
Some episodes of the popular TV show Game of Thrones were stolen.
RAMIFICATIONS
1.5 TB of data was stolen. The hackers demanded money, eventually releasing the
stolen episodes on the internet.
REACTIONARY INITIATIVES
HBO decided to stream advance episodes online, as it saw this as the only
option.

7. BADRABBIT
INTRODUCTION
In October, a ransomware named Badrabbit struck Russia. Effects were also seen
in Ukraine, Turkey and Germany.
OCCURRENCE
It compromised some websites and then posed as an Adobe installer on them.
After infecting a computer, it scanned the network for shared folders to get
credentials in order to get into other systems as well.
RAMIFICATIONS
Quite a large number of organizations were affected. In Russia specifically, media
websites were targeted. Russian banks also felt the tremors but survived the
attack. An airport and an underground railway station in Ukraine were also
attacked.

8. VERIZON
INTRODUCTION
On July 13, 2017, it was discovered that 14 million Verizon subscribers might have
been affected by a data breach.
OCCURRENCE
The leak was said to have occurred due to a server misconfiguration by a
third-party vendor.
RAMIFICATIONS
The names, mobile numbers and PINs were at stake.
REACTIONARY INITIATIVES
Make sure any third party handling customer data keeps it secure.

9. DELOITTE
INTRODUCTION
On Sep 25, 2017 it came to light that the multinational professional services firm
Deloitte had suffered unauthorized access.
OCCURRENCE
The firm had not put two-factor authentication in place. Hence, once the hackers
were able to acquire a single password from an administrator of the firm’s email
account, they were able to access all parts of the email system.
RAMIFICATIONS
Investigators believe that the hackers were interested in the biggest clients of the
firm; however, the firm insisted that only a limited number of clients were affected.

10. SONIC
INTRODUCTION
On 26 Sep. 2017, a breach was reported at the fast food chain Sonic when the entity
noticed unusual activity on its customers’ debit and credit cards.
RAMIFICATIONS
Millions of stolen credit and debit card numbers from the said organization were
put on sale on the Dark Web.
REACTIONARY INITIATIVES
Third-party forensic experts were hired by the affected company. Law enforcement
agencies were engaged. However, more details were not provided.

11. WHOLE FOODS MARKET
INTRODUCTION
On 28 Sep, it was disclosed that the payment system of “Whole Foods Market”,
recently acquired by Amazon, was breached. The breach was said to have run
from March until its discovery in Sep.
OCCURRENCE
The information was stolen through the use of unauthorized software on points
of sale at various locations.
RAMIFICATIONS
The credit card information was stolen from taprooms and restaurants of about
100 stores. However, grocery payments and payments through Amazon were not
affected.
REACTIONARY INITIATIVES
The impact was not disastrous. The unwanted software was removed.

12. HYATT HOTELS
INTRODUCTION
Hyatt Hotels suffered a breach between March 18 and July 2 this year. 41 of its
properties in 11 countries were affected. The most impacted country was China.
OCCURRENCE
The incident affected credit and debit card payments at various locations of the
chain. The information was stolen from the front desks where cards were swiped or
entered manually.
RAMIFICATIONS
Information including card numbers, internal verification codes, cardholder names
and expiry dates was compromised. However, the information stolen was only a
small percentage of the total cards swiped.
REACTIONARY INITIATIVES
Hyatt Hotels’ internal cyber security department discovered the breach. Third-party
experts were also hired. In a statement, the company gave assurances of stricter
measures in the future.

13. FOREVER 21
INTRODUCTION
The American-based clothing retail store was the subject of an attack between
March and October this year. Information from its payment system was
compromised.
OCCURRENCE
Some points of sale at a number of locations were affected because encryption
and tokenization were not in operation at those places.
RAMIFICATIONS
Card numbers, names, codes and expiry dates were stolen.
REACTIONARY INITIATIVES
Customers were advised to keep an eye on any unusual transactions on their
cards. The company gave assurances that it would make the encryption functional
and take further security measures after consulting with third-party firms.

14. eBay
INTRODUCTION
On December 10, 2017, eBay suffered a data breach. Information was leaked via a
shopping platform.
OCCURRENCE
The breach was due to an improper feed signal between the two companies, i.e.
eBay and the shopping website. However, the two entities are still trying to find the
real root cause.

RAMIFICATIONS
Very sensitive information relating to HIV home test kits, pregnancy tests and drug
testing kits was compromised.
REACTIONARY INITIATIVES
Within two days, user real names were masked with dashes. The investigation is
still on.

15. TARINGA
INTRODUCTION
User data from an Argentina-based social network was stolen on Aug
1, 2017. The breach was discovered in Sep.
OCCURRENCE
The attack was made possible by the use of a weak algorithm, MD5. The weak
encryption made it easier for the hackers.
RAMIFICATIONS
Passwords of about 28 Million users were leaked.
REACTIONARY INITIATIVES
Use a strong algorithm for data encryption.

16. VERIFONE
INTRODUCTION
A limited breach into the internal systems of Verifone, the largest maker of point of
sale credit card terminals in the U.S., came to light in January 2017.
RAMIFICATIONS
The attack had little impact. The breach was confined to the corporate network,
while the payment services were not affected.
REACTIONARY INITIATIVES
The company claimed that the potential misuse of the information would
have only limited impact and that it took reasonable retaliatory measures.

17. DUN and BRADSTREET
INTRODUCTION
A huge business services company, Dun and Bradstreet, found data from
its marketing database shared on the web. The database had over 33 million
corporate contacts.
OCCURRENCE
The company had sold 52 GB of its data to thousands of customers, this being its
business. So it is not certain which client business suffered the breach.
RAMIFICATIONS
The company had records of millions of employees from organizations including
U.S. state departments. The information included names, e-mails and other
business data.
REACTIONARY INITIATIVES
This breach shows the importance of collaborative security efforts in this era.
Businesses need to work along with other stakeholders for better steps in the
future.

18. AMERICA’S JOBLINK
INTRODUCTION
On March 21, America’s web-based job link for job seekers revealed that
potential employees who had accounts with the entity before March 14 might
have suffered a breach.
OCCURRENCE
The attacker exploited a misconfiguration in the application code.
RAMIFICATIONS
The hacker was able to gain access to full names, birth dates and social security
numbers of millions of job seekers.
REACTIONARY INITIATIVES
The code misconfiguration was discovered on 14 March and was subsequently
eliminated.

19. GMAIL
INTRODUCTION
On 13 May, a sophisticated phishing scam tried to gain access to users’ Gmail
accounts through a third-party app.
OCCURRENCE
Emails were sent that looked as if they came from a trusted contact. Once clicked,
the link led to a Google security page and the user was prompted to allow a fake
Google Docs app to manage his or her account.
RAMIFICATIONS
Approximately 1 million users were affected.
REACTIONARY INITIATIVES
Google put an end to the scam in about an hour.
SECURITY TAKEAWAY
Never click on any links without prior confirmation.

20. BRONX LEBANON HOSPITAL CENTER
INTRODUCTION
On May 10, it was found that thousands of patients had their personal records
exposed in a breach that affected a hospital in New York.
OCCURRENCE
The breach happened due to a misconfiguration in an Rsync backup server hosted by
a third party, iHealth.
RAMIFICATIONS
Extremely sensitive information was leaked, including names, home addresses,
religious affiliations, addiction histories, mental health, HIV statuses and sexual
assaults.
REACTIONARY INITIATIVES
The hospital and iHealth immediately took reasonable steps to protect the exposed
data.

21. DocuSign
INTRODUCTION
On May 17 it came to light that users of the electronic signature provider
DocuSign were targeted in a scam.
OCCURRENCE
The hackers accessed one of the systems of the entity using malware.
RAMIFICATIONS
E-mail addresses were stolen. DocuSign-branded messages were then sent to
those addresses, prompting the customers to download a document which
contained malware.
REACTIONARY INITIATIVES
Never click any links in email. Only download documents directly from the
website.

22. UNIVERSITY of OKLAHOMA
INTRODUCTION
On June 14 it was discovered that a data breach had occurred in the university’s
document sharing system, Delve.
OCCURRENCE
The breach occurred due to incorrect privacy settings which resulted in
unintentional exposure of personal information of students.
RAMIFICATIONS
Information such as social security numbers, financial aid details and grades was
made public as a result.
REACTIONARY INITIATIVES
The file sharing service has been shut down for an indefinite period of time.

23. CALIFORNIA ASSOCIATION of REALTORS
INTRODUCTION
Real Estate Business Services, a subsidiary of the California Association of Realtors,
was the victim of a data breach from May 13 to May 15.
OCCURRENCE
The organization’s online payment system was infected with malware. When a
customer filed information, it was possibly passed by the malware to a third
party.
RAMIFICATIONS
Information included credit card numbers, codes, expiry dates, user names and
addresses.
REACTIONARY INITIATIVES
The malware was subsequently removed and the organization is now using PayPal
for online payments.

24. KMART
INTRODUCTION
On May 31, 2017 Kmart, a retail store, experienced a malware attack that
targeted its payment system. Unauthorized credit card activity was noticed.
OCCURRENCE
The payment system was infiltrated with malicious code that was not detected by
antivirus software.
RAMIFICATIONS
Certain credit card numbers were stolen. However, it did not impact Kmart’s
online shoppers.
REACTIONARY INITIATIVES
The malicious code was removed from the system. Third-party experts were hired
for further consultation in order to enhance the IT security of the company.

25. DEEP ROOTS ANALYTICS
INTRODUCTION
On June 20, it was discovered that data of about 200 million U.S. voters that was
stored by a data analytics firm on an Amazon cloud server was exposed.
OCCURRENCE
The data was exposed due to a misconfiguration. Anyone with the sub-domain
“dra-dw” could access the records as there was no password protection.
RAMIFICATIONS
Exposed details included names, dates of birth, addresses and voter registration
details. However, thankfully, the data did not fall into malicious hands and the
shortcoming was discovered in time.
REACTIONARY INITIATIVES
Deep Root updated the access settings and put protocols in place to prevent further
exposure.
TAKEAWAY
Always use secure configurations for cloud storage.

26. FAFSA: IRS Data Retrieval Tool
INTRODUCTION
In March 2017, the Internal Revenue Service of the U.S. found a potential data
breach in its data retrieval tool called Free Application for Federal Student
Aid (FAFSA).
RAMIFICATIONS
The thieves that stole the personal information tried to steal additional data using
the tool. 8000 fraudulent returns were filed. Almost 100000 taxpayers were
compromised and thieves got access to tax returns of over 300000 people.
REACTIONARY INITIATIVES
The data retrieval tool was shut down. 52000 returns were stopped by IRS filters
while 14000 illegal refund claims were halted.

27. EDMODO
INTRODUCTION
The education platform Edmodo was breached on May 11 by a hacker known as
nclay.
RAMIFICATIONS
The hacker stole 77 million accounts and put them up for sale on the dark web for
just $1000. The data included usernames, email addresses and hashed passwords.
Thankfully, the passwords were hashed with a robust algorithm.
REACTIONARY INITIATIVES
The company gave assurances of a thorough investigation into the matter.

28. UNIVERSITY OF VERMONT MEDICAL CENTER
INTRODUCTION
On 22 May 2017, an unauthorized third party gained access to patients’
information at the University of Vermont Medical Center.
OCCURRENCE
It was a phishing incident where the attacker reached the email address of an
employee of the organization. The email of that employee contained information
regarding patients dealt with at the center.
RAMIFICATIONS
2300 patients were affected. Stolen information included patients’ names,
addresses, dates of birth, medical record numbers and clinical information.
REACTIONARY INITIATIVES
That particular email account was suspended. Other security measures were put in
place including training the employees about securing the patients’ information.

29. JIO
INTRODUCTION
In July, the Indian telecom operator Jio was hit by a data breach in which data of
its customers was leaked. This was arguably India’s biggest data breach.
RAMIFICATIONS
The information relating to users of Reliance Jio was found on a website called
magicapk. The information included full name, mobile number, email ID and SIM
activation dates etc.
REACTIONARY INITIATIVES
The website named magicapk was suspended. Reliance Jio further gave assurances
that the investigation was in progress.

30. PIZZAHUT
INTRODUCTION
On 1 October, the famous website and app of Pizza Hut were hacked, with
personal details of customers jeopardized.
OCCURRENCE
Billing information was compromised that affected the customers who visited the
website from the morning of 1 October to the mid-day of 2 October 2017.
RAMIFICATIONS
The personal details compromised included delivery addresses, email addresses,
account numbers and expiry dates etc. According to a report, 60000 U.S. customers
could have been victims of the breach.
REACTIONARY INITIATIVES
Pizza Hut halted the intrusion after its discovery and informed the customers about
the breach through an email.

31. CHIPOTLE
INTRODUCTION
Chipotle Mexican Grill, Inc., an American fast food restaurant chain, was hit by a
malware attack between March 24 and April 18. The chain’s payment system was
under attack.
OCCURRENCE
The malware infected cash registers and captured the information stored on the
magnetic strip of credit cards, known as track data. Cards used at points of
sale were affected.
RAMIFICATIONS
2250 restaurants were affected by the malware. However, the number of customers
that became the victims was not confirmed. The data leaked included account
numbers, verification codes, names and expiry dates.
REACTIONARY INITIATIVES
The malware was subsequently removed. The company worked in collaboration
with external experts and law enforcement agencies to further beef up the IT
security. The customers were advised to keep a check on their bank statements.
Further information was not provided as the investigation was still underway.

32. CEX
INTRODUCTION
One of Britain’s largest retail franchises, CEX, was the subject of an attack this
year. The attack was said to be a trailblazing one.
OCCURRENCE
No specific technical information was provided at the time. So it cannot be
said with accuracy what weak point was exploited by the thieves.
RAMIFICATIONS
Personal details like names, email addresses and phone numbers of 2 million
customers were compromised.
REACTIONARY INITIATIVES
The company advised those affected, through emails, to change their passwords.
Additional security measures were put into place. Further information was not
provided as the company was still working with the police to get to the bottom of
the matter.

33. BUPA
INTRODUCTION
A London-based private healthcare group, Bupa, was affected by a data breach on
13 July 2017. Its international health insurance plan records were compromised.
OCCURRENCE
The leak occurred due to the unprofessional behavior of an employee who
inappropriately copied and removed information from the records. The breach was
said to be unintentional.
RAMIFICATIONS
About 500000 customers were affected. Of these, 4300 were UK residents while
the others were foreigners. The data leaked included names, birth dates and some
contact information.
REACTIONARY INITIATIVES
The group involved the appropriate authorities. Appropriate legal action was
taken. Most prominently, the employee responsible for the breach was dismissed
from his job.

34. WONGA
INTRODUCTION
Wonga, a payday loan company, was hit by a breach this year. This breach was
also quite a sophisticated one.
OCCURRENCE
No specific information was available at this time about how it actually happened.
This was because the investigation was still ongoing.
RAMIFICATIONS
Almost 245000 customers were hit. The information breached included names,
emails, home addresses, phone numbers, bank accounts, sort codes and the last 4
digits of debit cards.
REACTIONARY INITIATIVES
The company showed concern and advised its customers to closely monitor their
account activity and also change their passwords. However, the case was not
yet closed.

35. ARBY’S
INTRODUCTION
The American fast food company Arby’s suffered a data breach that came to
light on 17 Feb this year. Some restaurants of the chain were affected.
OCCURRENCE
The breach actually occurred in mid-Jan. Malware was placed in the payment
system of the company.
RAMIFICATIONS
One third of the company’s 3000-plus U.S. stores were affected. Data from debit
and credit cards of more than 350000 customers was breached in the attack.
REACTIONARY INITIATIVES
The malware was removed. However, the company is still working with the FBI
which has asked it not to make any specific details public.