There are many people who don’t take information security seriously. But, one easy-to-guess password or accidental throw-away could be all it takes for a serious data breach, particularly in large companies. The proof is in the following examples of 5 of the worst and most embarrassing data breaches of our time.
At the beginning of this year the Australian government were caught out in what was arguably one of the biggest breaches of confidential data in its history. Embarrassingly for them, it was all because two filing cabinets had been accidentally disposed of. Heavy, old and locked up, these filing cabinets found their way to a Canberra op-shop and were sold for just $20. With just a bit of hand work the new owners of the filing cabinets found themselves in possession of hundreds of confidential documents that have now been dubbed The Cabinet Files. There was nothing to stop them handing the content to a foreign agent or government! The ABC has since published a selection of these documents to be seen by the public.
One might think that in today’s digital age a more sophisticated type of criminal work would be required to hack into the personal information of large corporations. Well, you’d be surprised. A data contractor tasked with protecting personal and medical information for military personnel had more than 4.6 million records stolen in September of 2011. How? One of his employees had left the back-up tapes in his car.
It turns out, if you’re an American, the Social Security Administration is not too concerned about protecting your identity. It’s reported that each year when they release the Death Master List they accidentally throw in about 14,000 social security numbers and birthdates of people who are still alive. What’s more, in the past they haven’t even notified those effected despite laws to the contrary.
While this isn’t a specific breach of data, the UK government has a pretty bad track record for keeping people’s data secure. When the Department for Work and Pensions lobbied for the tasks of maintaining an ID card database, some politicians were strongly opposed. Why? It was claimed that the government’s security strategy was ‘in shambles’. Apparently, they’ve mislaid CDs, lost laptops and even passwords that have been circulated with the information they should be protecting.
In perhaps the most embarrassing of all, the owner of an ID theft prevention service had his personal information stolen. How? Someone thought it would be a good marketing idea to put the owners’ social security number on the ad for the company. To add insult to injury, the crafty thief used his information to obtain a $500 personal loan. That’s it!
So, what should we learn from these embarrassing data breaches? Simply that it doesn’t take a criminal mastermind to hack into your private information. A few wrong steps and it can get really bad, really quickly. Avoid any similar situation in your workplace by taking security seriously – store documents safely, change your passwords and destroy any old information completely.