26 October 2014

The Five Recent Data Breaches That Have Washington Worried About Future Cyber Attacks

Mario Trujillo
The Hill
October 20, 2014

Five shocking Internet hacks

The string of serious hacking attacks against U.S. businesses is spurring calls in Congress for cybersecurity reform. 

Industry observers are pessimistic about the changes for a quick fix, predicting that legislation won’t reach the president’s desk until a “major catastrophe” occurs.

“Congress follows public sentiment — and loses interest when the public does,” said Kristen Verderame, founder of Pondera International. “Which is why nothing has happened, and nothing will until an event occurs that will go significantly beyond the norm in these areas.”

Still, with every high-profile attack against a U.S. business, more lawmakers are sounding the alarm about hackers who exploit security loopholes for profit.

Here are the five data breaches that have pushed cybersecurity up the legislative agenda.

1.) JPMorgan Chase

Information from 76 million households and 7 million small business accounts was taken from JPMorgan Chase, including names and contact information but not account or Social Security numbers.

News of the hack first surfaced in August, but the full extent of the damage was not revealed until earlier this month. 

The FBI is looking into the breach and President Obama has reportedly received regular updates on it. Some officials say the attacks appeared to have emanated from Russia, according to The New York Times. 

A number of lawmakers called for action on cybersercurity in the wake of the attack, including Sens. Angus King (I-Maine) and Ed Markey (D-Mass.). However, the pleas are coming at a time when lawmakers are away from Washington campaigning for reelection.

2.) Nude celebrity photos

Intimate photos of hundreds of celebrities — including Jennifer Lawrence and Kate Upton — began circulating in September after their individual Apple iCloud accounts were breached. 

After a two-day investigation, Apple said its overall system was not compromised. They said hackers attacked specific celebrity accounts by targeting “user names, passwords and security questions, a practice that has become all too common on the Internet.” Apple advised customers to use a strong password and enable two-step verification. 

The FBI is reportedly looking into the leaks, and attorneys for some of the celebrities have threatened multimillion-dollar lawsuits against Google for not taking down the images quickly enough, something Google has denied.

Similarly, this week the app Snapchat, which allows users to send self-deleting pictures and messages, came under fire for the reported leak of hundreds of thousands of videos and images from the service. The company denied it was hacked and blamed it on the breach of a third-party app that allows the messages to be saved.

3.) Home Depot

Home Depot revealed in September that the payment cards of 56 million people were at risk after a cyber-attack on the company. A new type of malware was present in the Home Depot system from April to September before being detected. The company said there was no evidence that customers’ pin numbers were compromised. 

The worlds largest retail chain said the breach was expected to cost the company $62 million, which money spent on the investigation, increased call center staffing and legal services. 

4.) Target

Hackers put a damper on the holidays last year by stealing the credit card information of 40 million Target customers. The name and contact information from 70 million additional people was also accessed. 


The breach was examined in multiple congressional hearings and spurred the introductions of several bills, including Sen. Patrick Leahy’s (D-Vt.) Personal Data Privacy and Security Act, which would create company standards for notifying customers after an attack. 

Target’s chief financial officer John Mulligan testified to Congress that he was “deeply sorry” for the security lapse.

Verderame said breaches at retail stores like Home Depot and Target got the most attention from lawmakers because of constituents’ concerns.

"This is not necessarily because these breach incidents warranted special or increased attention — but because the press and the public reacted more to these," Verderame said. 

5.) eBay

In May, eBay asked 145 million users to change their passwords after hackers slipped through the company’s defenses by stealing credentials from some employees.

Like the majority of the major breaches, the hackers did not access financial information. But the company took, email addresses, passwords and other customer information.

Four states — Florida, Illinois, Connecticut and California — announced at the time were probing the security measures that the company was using at the time. 

Other lawmakers in Congress also a sent letter to eBay to ask what, if any, additional security protections would be put in place to protect customers.

No comments: