The Cost Of Hacking
-
Upload
bluecoatss -
Category
Internet
-
view
3.524 -
download
0
Transcript of The Cost Of Hacking
<THE COST OF HACKING>
The threat hackers pose to businesses is undeniable, but what costs exactly do those threats entail? Let's take a closer look at some of the costliest attacks hackers have ever performed:
Click this icon to tweet information from each slide.
HEARTLAND (2008)
In 2008, hackers broke into the network at Heartland Payment Systems, the fifth largest payments processor in the U.S. Thirteen pieces of malware capitalized on weaknesses in Microsoft software. When card issuers reported a possible breach in October, Heartland hired two companies to search the network. The following January, they located the breach.
TYPE OF DATA STOLENcardholder namesaccount numberstrack data from credit
card magnetic strips
555687950361555687950361
MONEY LOSTRECORDS LOST
130 Million$12.6 Million
In May of 2014, global online retailer eBay discovered a breach in its main database, which held user passwords. Compromised between late February and early March, the system remained vulnerable for at least three months. Financial costs are not specified, but “Non-GAAP operating margin was 24.4 percent, down 190 basis points.”
EBAY(2014)
phone numbers dates of birth
TYPE OF DATA STOLEN
email registered addressespasswordscustomer names
RECORDS LOST
145 Million
TJ MAXX(2005-07)
In 2005, hackers broke into wireless networks that made use of WEP, a relatively weak security
protocol. The bad guys then accessed TJX internal systems, and remained undetected for 1 1/2 to 2 years. In the end, the hackers accessed
94 million records -- more than twice the 46 million originally estimated.
RECORDS LOST
94 MillionMONEY LOST
$130 Million
TYPE OF DATA STOLENcredit card numbers
RECORDS LOST
145 Million
LIVINGSOCIAL(2013)
In April of 2013, hackers tapped into LivingSocial computer systems, accessing customer data from servers. Among the stolen data: encrypted passwords, though LivingSocial does "hash" and "salt" its PWs. Thankfully, credit card information lived elsewhere and was untouched.
TYPE OF DATA STOLEN
names email addresses
dates of birth encryptedpasswords
MONEY LOSTRECORDS LOST
56 Million$43 Million
Attackers used a 3rd-party vendor's login information to gain entry into Home Depot's network—then acquired elevated rights, which enabled them to release customized malware into the retailer's self-checkout systems. Home Depot reported $43 million of pre-tax expenses linked to the breach in the 3rd quarter of 2014 alone. These included costs to investigate the breach, protect the identities of affected customers, staff additional call centers, and secure legal and professional services. The home-improvement giant expects additional lawsuits from payment card networks that suffered fraud losses, and that incurred additional operating expenses, such as card replacement costs. As of November 2014, 44 lawsuits were in the wings.
HOME DEPOT (2014)
TYPE OF DATA STOLEN
credit & debit card information
email addresses
MONEY LOST
RECORDS LOST
77 Million
$15 Million
customer names billing addresses birthdates PSN passwords and logins
profile data securirtyquestions
purchase histories
TYPE OF DATA STOLEN
SONY PSN(2011)
On April 19, 2011, Sony discovered hackers had breached its Playstation Network (PSN) and stolen data from 77 million user accounts over the
previous two days. The mega-brand immediately shut down the network... but waited a week to announce the reason. Sony denies that
any credit card data was taken, while attorneys involved in a class-action suit claim the hackers offered for purchase 2.2 million credit card
numbers and verification codes.
RECORDS LOST
700 MillionMONEY LOST
$38 Million
ADOBE(2013)
TYPE OF DATA STOLENusernames encryptedpasswords
********credit & debit
card information source code for products like
Photoshop & Acrobat
In October of 2013, attackers stole several million usernames and encrypted passwords, as well as
approximately 2.9 million encrypted credit or debit card numbers. Shortly after, a 3.8GB file with more
passwords showed up online though Adobe claimed that this could include inactive IDs, test
accounts, and IDs with invalid passwords.
RECORDS LOST
10 Million
SONY PICTURES(2014)
TYPE OF DATA STOLEN
5 filmspasswordssalaries of 6000 employees
In November 2014, anonymous hackers e-mailed execs at Sony Pictures, alleging "great damage by Sony Pictures (sic)," and threatening the company would be "bombarded as a whole" if demands weren't met. A few days later, suspicions indicated that the attack was related to the pending release of The Interview, a Sony comedy about the assassination of the North Korean Leader Kim Jong Un. As well, several pieces of sensitive data leaked online, including Sony employee salaries and contact information, and torrents of unreleased Sony films, including Annie, Mr. Turner, Still Alice, and To Write Love on Her Arms. Specific numbers aren't yet available, but even brand reputation costs are huge. Sony canceled the release of The Interview, and employees filed a class-action lawsuit against their own company for not securing networks, nor protecting companies after their personal information was compromised.
Heartland http://krebsonsecurity.com/tag/heartland-payment-systems/http://www.bloomberg.com/bw/stories/2009-07-06/lessons-from-the-data-breach-at-heartlandbusinessweek-business-news-stock-market-and-financial-advicehttp://www.networkworld.com/article/2254061/lan-wan/security-breach-cost-heartland--12-6-million-so-far.html eBayhttp://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/
TK / TJ Maxxhttp://money.cnn.com/gallery/technology/security/2013/12/19/biggest-credit-card-hacks/3.htmlhttp://www.internetnews.com/ent-news/article.php/3714611/How+TJX+Became+a+Lesson+In+Proper+Security.htm Sony PSNhttps://www.cocc.com/whitepaper/16/lessons-sony-playstation-breacheshttp://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426http://www.polygon.com/2014/7/23/5931793/sony-2011-data-breach-class-action-lawsuit
Home Depothttp://phx.corporate-ir.net/phoenix.zhtml?c=63646&p=irol-newsArticle&ID=1964976https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdfhttp://www.esecurityplanet.com/network-security/home-depot-breach-has-already-cost-the-company-43-million.html
LivingSocial http://www.crn.com/news/security/240153803/livingsocial-data-breach-affects-millions.htmhttps://www.livingsocial.com/createpassword
Adobehttp://www.pcworld.com/article/2059002/adobe-security-breach-worse-than-originally-thought.htmlhttps://www.wisepiggy.com/credit_tutorial/credit_score/major-security-breaches.html
Sony Pictures http://thenextweb.com/insider/2014/12/13/timeline-sony-breach-data-leaks-far/http://rt.com/usa/229291-sony-hack-cost-millions/
REFERENCES
</THE COST OF HACKING>