According to Ericka Chickowski in her 29 November article for Dark Reading, “10 Top Government Data Breaches Of 2012,” SQL injection, post-phishing and inadequately secured back-up information all contributed to spectacular comprises of data across the USA in 2012. Some of the breaches were the work of hackers, while others were the result of simple negligence, such as leaving a laptop unattended inside a parked car. Here are the ten:
California Department of Child Support Services
In a very “old-school” incident, the California Department of Child Support Services lost approximately 800,000 sensitive health and financial records when a FedEx shipment fell off a truck.
California Department of Social Services
In an incident that can also be called “old-school,” sensitive payroll information for almost three-quarters of a million Californians was lost in the mail.
City of Springfield, Missouri
As a favor to the citizens of Springfield, grey hat hackers compromised the City of Springfield website and redacted “all data that could cause problems to civilians,” including more than a quarter-million summonses filed in the city’s digital database.
On Halloween, an unencrypted agency laptop containing personally identifiable information for approximately 10,000 NASA employees was stolen from an employee’s car.
New Hampshire Department of Corrections
Inmates at a state correctional facility used a server in the prison industries shops to access the prison’s internal networks, giving them access to sentencing, parole dates and personally identifiable information for prison staff members.
A state employee fell for a phishing attack, resulting in the theft of millions of unencrypted bank account numbers and tax returns.
Utah Department of Health
Health information for more than three-quarters of a million Utahans was put at risk when hackers took advantage of poor authentication configuration to break into a Utah Department of Technology Services server.
United States Bureau of Justice Statistics
Anonymous hacked the United States Bureau of Justice Statistics (BJS) and leaked 1.7 GB of Bureau data on Pirate Bay.
United States Navy & DHS
Blind SQL injection attacks enabled a group called Digital Corruption to break into Department of Homeland Security and U.S. Navy websites and steal usernames, passwords, email IDs and security questions and answers for all users on the Navy’s Smart Web Move website and Homeland Security’s Transportation Worker Identification Credential website.
Wisconsin Department of Revenue
The Wisconsin Department of Revenue leaked sensitive seller information for more than 110,000 people and businesses by permitting an unknown embedded file in a Microsoft Access file with public-facing sales data to go live.
While we can’t help you with FedEx trucks or laptops left on the passenger seat of your car, Acunetix Web Vulnerability Scanner (WVS), the industry standard, safeguards your website by discovering dangerous vulnerabilities on your website, including SQL injection and cross site scripting, before hackers can use these vulnerabilities to breach your website and steal or compromise your organization’s data. Acunetix WVS provides you with the most advanced and in-depth SQL injection and Cross-site scripting testing, state of the art crawler technology, detailed security reports down to the exact line of code and low false positives.
Acunetix clients include Bank of China, the US Army, NASA, Telstra, Fujitsu, the US Department of Agriculture, the California Department of Justice and the US Air Force, among many others. Yes, NASA. We told them a thousand times about leaving their laptops in their cars.
Mount a rigorous defense against data breaches on your company’s frontline – your website. Download Acunetix WVS today.