The Cost Of Hacking
- 1. <THE COST OF HACKING>
- 2. The threat hackers pose to businesses is undeniable, but what costs exactly do those threats entail? Let's take a closer look at some of the costliest attacks hackers have ever performed: Click this icon to tweet information from each slide.
- 3. HEARTLAND (2008) In 2008, hackers broke into the network at Heartland Payment Systems, the fifth largest payments processor in the U.S. Thirteen pieces of malware capitalized on weaknesses in Microsoft software. When card issuers reported a possible breach in October, Heartland hired two companies to search the network. The following January, they located the breach. TYPE OF DATA STOLEN cardholder namesaccount numberstrack data from credit card magnetic strips 555687 950361 555687 950361 MONEY LOST RECORDS LOST 130 Million $12.6 Million
- 4. In May of 2014, global online retailer eBay discovered a breach in its main database, which held user passwords. Compromised between late February and early March, the system remained vulnerable for at least three months. Financial costs are not specified, but “Non-GAAP operating margin was 24.4 percent, down 190 basis points.” EBAY (2014) phone numbers dates of birth TYPE OF DATA STOLEN email registered addressespasswordscustomer names RECORDS LOST 145 Million
- 5. TJ MAXX (2005-07) In 2005, hackers broke into wireless networks that made use of WEP, a relatively weak security protocol. The bad guys then accessed TJX internal systems, and remained undetected for 1 1/2 to 2 years. In the end, the hackers accessed 94 million records -- more than twice the 46 million originally estimated. RECORDS LOST 94 MillionMONEY LOST $130 Million TYPE OF DATA STOLENcredit card numbers
- 6. RECORDS LOST 145 Million LIVINGSOCIAL (2013) In April of 2013, hackers tapped into LivingSocial computer systems, accessing customer data from servers. Among the stolen data: encrypted passwords, though LivingSocial does "hash" and "salt" its PWs. Thankfully, credit card information lived elsewhere and was untouched. TYPE OF DATA STOLEN names email addresses dates of birth encrypted passwords
- 7. MONEY LOST RECORDS LOST 56 Million $43 Million Attackers used a 3rd-party vendor's login information to gain entry into Home Depot's network—then acquired elevated rights, which enabled them to release customized malware into the retailer's self-checkout systems. Home Depot reported $43 million of pre-tax expenses linked to the breach in the 3rd quarter of 2014 alone. These included costs to investigate the breach, protect the identities of affected customers, staff additional call centers, and secure legal and professional services. The home-improvement giant expects additional lawsuits from payment card networks that suffered fraud losses, and that incurred additional operating expenses, such as card replacement costs. As of November 2014, 44 lawsuits were in the wings. HOME DEPOT (2014) TYPE OF DATA STOLEN credit & debit card information email addresses
- 8. MONEY LOST RECORDS LOST 77 Million $15 Million customer names billing addresses birthdates PSN passwords and logins profile data securirty questions purchase histories TYPE OF DATA STOLEN SONY PSN (2011) On April 19, 2011, Sony discovered hackers had breached its Playstation Network (PSN) and stolen data from 77 million user accounts over the previous two days. The mega-brand immediately shut down the network... but waited a week to announce the reason. Sony denies that any credit card data was taken, while attorneys involved in a class-action suit claim the hackers offered for purchase 2.2 million credit card numbers and verification codes.
- 9. RECORDS LOST 700 MillionMONEY LOST $38 Million ADOBE (2013) TYPE OF DATA STOLENusernames encrypted passwords ******** credit & debit card information source code for products like Photoshop & Acrobat In October of 2013, attackers stole several million usernames and encrypted passwords, as well as approximately 2.9 million encrypted credit or debit card numbers. Shortly after, a 3.8GB file with more passwords showed up online though Adobe claimed that this could include inactive IDs, test accounts, and IDs with invalid passwords.
- 10. RECORDS LOST 10 Million SONY PICTURES (2014) TYPE OF DATA STOLEN 5 filmspasswordssalaries of 6000 employees In November 2014, anonymous hackers e-mailed execs at Sony Pictures, alleging "great damage by Sony Pictures (sic)," and threatening the company would be "bombarded as a whole" if demands weren't met. A few days later, suspicions indicated that the attack was related to the pending release of The Interview, a Sony comedy about the assassination of the North Korean Leader Kim Jong Un. As well, several pieces of sensitive data leaked online, including Sony employee salaries and contact information, and torrents of unreleased Sony films, including Annie, Mr. Turner, Still Alice, and To Write Love on Her Arms. Specific numbers aren't yet available, but even brand reputation costs are huge. Sony canceled the release of The Interview, and employees filed a class-action lawsuit against their own company for not securing networks, nor protecting companies after their personal information was compromised.
- 11. Heartland http://krebsonsecurity.com/tag/heartland-payment-systems/ http://www.bloomberg.com/bw/stories/2009-07-06/lessons-from-the-data-breach-at-heartlandbusinessweek-business-news-stock-market-and-financial-advice http://www.networkworld.com/article/2254061/lan-wan/security-breach-cost-heartland--12-6-million-so-far.html eBay http://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/ TK / TJ Maxx http://money.cnn.com/gallery/technology/security/2013/12/19/biggest-credit-card-hacks/3.html http://www.internetnews.com/ent-news/article.php/3714611/How+TJX+Became+a+Lesson+In+Proper+Security.htm Sony PSN https://www.cocc.com/whitepaper/16/lessons-sony-playstation-breaches http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426 http://www.polygon.com/2014/7/23/5931793/sony-2011-data-breach-class-action-lawsuit Home Depot http://phx.corporate-ir.net/phoenix.zhtml?c=63646&p=irol-newsArticle&ID=1964976 https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf http://www.esecurityplanet.com/network-security/home-depot-breach-has-already-cost-the-company-43-million.html LivingSocial http://www.crn.com/news/security/240153803/livingsocial-data-breach-affects-millions.htm https://www.livingsocial.com/createpassword Adobe http://www.pcworld.com/article/2059002/adobe-security-breach-worse-than-originally-thought.html https://www.wisepiggy.com/credit_tutorial/credit_score/major-security-breaches.html Sony Pictures http://thenextweb.com/insider/2014/12/13/timeline-sony-breach-data-leaks-far/ http://rt.com/usa/229291-sony-hack-cost-millions/ REFERENCES </THE COST OF HACKING>