2009’s Top Five Data Disasters

If we can look back at the data breaches that happened in 2009, many of them occurred because of failure in providing data security.

Companies had the same reasons of poorly coded or patched software, of lost laptops, disclosed insider information and other inadvertent disclosures rather than new hacking tools or devious hacking techniques applied by hackers.

Let us look back at the TOP five noteworthy breaches of year 2009.

TSA: Lessons of Redaction

In one of the most shocking security gaffes this year, which can be ranked as number one, is when the Transportation Security Administration (TSA) inadvertently posted a manual on the public website that contained the facts on airport screening processes.

Notably, this manual of TSA embraced the details about checking for explosive instruments; passenger screening methods; special norms in handling CIA, law enforcement personnel and diplomats; technical settings and tolerances used in explosives; and metal detectors used by airport authorities.

The leak of such an important document occurred when the manual of TSA Standard Operation Process was placed on the website of its federal agency as part of the contract bid solicitation program. The comments from the lawmakers described  it as a “reckless” and “shocking” gaffe and some of them believed it to be a threat to the security of the nation.

Breach at Heartland Payment Systems

The breach of the Heartland Payment system made onto the list of top five data breaches just because of the spectacular size and scope of the breach of data that was revealed in January, 2009.

The compromise in the system happened because of errors in the SQL injections which allowed the hackers to fracture the networks of payment processors and steal the data of more than 125 million debit and credit cards for several months.

The number easily crossed the figure of 95 million cards which were whispered to have been compromised during the hack that occurred in 2007 at TJX Companies Inc. It caused Heartland to announce the largest data breach that has ever occurred in the history of transactions.

Health Net’s Delayed Disclosure

There was a real disaster when the hard drive of Health Net of Northeast Inc. was stolen, or lost, which contained the company data from the past seven years. This hard drive contained the unencrypted financial, medical and personal information of more than 1.4 billion clients. It worsened when the company disclosed the event only after six months of its occurrence.

As mentioned earlier, the hard drive contained the names, addresses, social security numbers, and the medical records of clients of Health Net from New York, New Jersey, Connecticut, to Arizona.

In order to avoid the late disclosures, new laws regarding healthcare breaches came into the picture on November, 2009 designed for companies to unveil such breaches earlier. But, there are doubts over this law due to the controversial harm threshold that came into the bill.

U.S. GPO’s disclosure of Nuclear Secrets

In a shocking incident that emphasized some indiscrepancies in government processes, a paper containing sensitive information about sites of U.S. civilian nuclear secrets that were marked as “Highly Confidential and Safeguard Sensitive” by the president himself, was posted publicly on the website of the Government Printing Office.

The paper disclosed thorough information about the thousands of civilian nuclear sites in the country. The paper also containedthe places uranium could be found. It also had the details of the locations of nuclear weapons research labs at places like Sandia, Livermore, and Los Alamos. The paper may have been placed on the website because of distinctions in how government agencies handle and classify official papers.

Breach of 32 Million Passwords from RockYou

An organization named Rockyou Inc., which is a vendor for social networking applications, became a member of this list of disasters just a week before when a breach of data exposed user names and passwords of 32 million members.

Since the number is very noteworthy, what made it worse was that the company stored the passwords in simple text rather than in an encrypted format. Another shocking thing was that RockYou had asked its users to login with their mail addresses, meaning hackers now have access to millions of these mail addresses (except the users’ that change their passwords).