10 Top Security Snafus

The top security snafus and data breaches were as surprising as they were big and will be discussed for years to come. A breach in security is always a matter of concern. No one wants to be violated on a personal level. When it becomes a business or government issue, weaknesses in security can have major ramifications, a ripple effect that can spread out of control.

What Are Some Notable Recent Security Breaches?

In many instances, attacks on security have struck at a global level. Here are the top ten security snafus that have had people talking in recent history.

1. Snowden Reveals a Shaky Foundation for America’s National Security Exposed

In June of 2013, the story of the Edward Snowden leak hit the news. Snowden was a previous employee of the global communications division at the CIA. He was a top cybersecurity expert at the agency at worked internationally. Although he dropped out of high school because of mono and earned a GED, his computer skills were so superior his formal education was not important. Prior to the CIA he had a short stint as a security guard at the University of Maryland. At the time of the data leak, Snowden was a tech employee for the Booze Allen Hamilton Firm, a private consulting company. Contractors of the firm worked for the National Security Agency (NSA).

His leak of highly classified information revealed NSA and Five Eyes global surveillance programs. The NSA surveillance programs had questionable legal grounds and infringed on the individual privacy of US citizens. Snowden reported that Americans were unknowingly under constant watch by the government agency. While Snowden maintains he is a whistleblower, the US government has refused him the legal protection of whistleblower laws. Although his actions uncovered secret government surveillance programs, the leaked information also put thousands of US operatives and military members at risk. And his actions put the US government and President Obama in a sticky situation. Snowden fled the country and went to Hong Kong. He applied for political asylum in 21 countries and was denied. On September 26, 2022, president Putin granted him Russian citizenship which makes extradition impossible. And today, the world-class hacker from North Carolina lives in Moscow.

2. RSA Security: Not So Secure

The RSA Security company found itself facing the music when as many as 40 million personal records for employees were stolen, divulging information that could lead to catastrophic repercussions for many individuals, primarily through identity theft. Hacker groups, inspired by a foreign government, were blamed for the breach. While customer files were not affected, RSA found itself under a major financial burden, dishing out nearly $70 million to correct the situation.

3. The Department of Veteran Affairs is Dealt a Severe Blow

A national database of veterans, current military members, and their family members was on an analyst’s computer in Maryland. An unidentified intruder stole the computer and released information for over 26 million individuals. Social security numbers and birthdates provided the perfect recipe for anyone who wanted to try their hand at identity theft, providing them with a financial ticket to credit and funds belonging to those who served our country, a major disgrace in itself. While the computer was returned by an anonymous source, the total losses from this security snafu was close to $500 million.

4. CardSystems Solutions Proved they Didn’t Have all of the Answers

Using a SQL Trojan, hackers stole credit card information from 40 million clients. Encryption was one major form of protection that this company failed to offer its customers. As a result, hackers had access to all pertinent information needed in order to make good use of those credit card accounts. With verification codes, account holders’ names, and specific account numbers, cyber thieves had plenty of ammunition for a major shopping spree.

5. Yale University: Not Above Reproach

The Ivy League school found itself a victim of a breach in security as well. Yale officials were not aware that Google made changes to its search engine. As a result of these modifications, FTP servers that were not secure were open to attack. And 43,000 individuals had their social security numbers revealed due to the weakness in security measures, once again providing easy access for cyber thieves. The breach affected staff associated with the college and students. Officials took steps to correct the problem. They also offered security monitoring to all those who fell prey to the gap in security. This courtesy was provided free of charge.

6. Google and the Aurora Attacks

Google fell prey to cyber intrusion when unknown sources stole important intellectual data of great value. Several other companies were victims at the same time. Fingers pointed at China, yet no one could ever substantiate any claims. China denied any unquestionable activities. Google attempted to get around China’s censorship restrictions as a sign of protest. Eventually, the company buckled under pressure.

7. The McAfee Disaster

McAfee, well-known for producing anti-virus software to protect personal computers, made a major mistake when the company sent out a virus protection update that was malfunctioning. As a result, countless McAfee customers found themselves with computers that appeared to crash. While McAfee tried to correct the situation, its reputation was severely damaged.

8. The Goatse Security Fiasco

iPads suffered a serious attack when a group that coined the name, Goatse Security, revealed a security flaw in an app provided by AT&T. The result: over 100,000 email addresses were released, providing personal information to dishonest individuals. AT&T and Apple had to scramble for damage control, but it was too late to restore the confidence of many consumers.

9. Trouble at South Shore Hospital

A Massachusetts hospital revealed the loss of nearly a million health records. It is ironic for an establishment devoted to helping and protecting others. Lost information included financial data as well as health records. Victims of the disaster included not only patients, but employees, and business particulars as well. Only upon the Massachusetts Attorney General’s insistence did the hospital follow up by contacting all parties that were affected by this extreme breach in security.

10. Major Wikileaks

Wikileaks is a site that specializes in sharing information that would best be left private, exposing important information from sources around the globe. One of its most notorious attacks was the theft of over a quarter of a million communications from the United States state department. The contents of messages from high-ranking officials and leaders were revealed for all of the worlds to see.

Hillary Clinton was Secretary of State at the time and found herself in the unfortunate position of being the one to announce the severity of the attack, as well as apologizing to individuals of importance from around the world. While it was not due to any fault on the part of the United State, it was still a major breach in security, revealing some information that was less than favorable about other countries, weakening the United States’ position in some eyes. Wikileaks took a great deal of heat and demanded censure but made no apologies or change in tactics. Some countries blocked the site as a showing of disapproval.

How Can We Avoid and Prevent Security Breaches?

In a world that is changing at an incredibly fast pace due to technological advances, security is more of an issue than ever before. Cybercriminals are getting smarter, what with a young generation that eats, sleeps, and breathes technology. Kids are growing up, able to do amazing things at the click of a button.

There’s no doubt that we are raising a society of computer-savvy individuals. Businesses and governments need to make a point of hiring the very best to provide them with excellence in security. They’re the best bet? Put the hackers on the payroll, exposing all areas of weakness and working together with experts to make a system that is invincible in order to avoid the next cyber disaster to hit the airwaves.