AOH :: IS1518.HTM

Top 10 Security Breaches of 2008

Top 10 Security Breaches of 2008
Top 10 Security Breaches of 2008


http://www.bankinfosecurity.com/articles.php?art_id=1120 

By Linda McGlasson
Managing Editor
Bank Info Security
December 22, 2008

>From Hannaford to Countrywide to the Bank of New York Mellon, 2008 has 
been a year of high-profile security breaches in or impacting the 
financial services industry. Here's our list of the top 10 - and lessons 
that should be learned, so we aren't back revisiting these issues in 
'09.


1. TJX Case Winds Up, Arrests Made

Earlier this year, The TJX Companies (parent of retailer TJ Maxx) 
settled in federal court and paid out millions to its federal regulator, 
the Federal Trade Commission, banking institutions, credit card 
companies and consumers to bring to a close the court cases that had 
threatened to overwhelm the company.

The August arrest of 11 alleged hackers accused of stealing more than 40 
million credit and debit cards brings law enforcement closer to closing 
what is still the largest hack ever. The U.S. Department of Justice 
brought charges against 11 alleged hackers from around the globe. Some 
of the hacking gang were nabbed and brought to the U.S. to face trial 
alongside three U.S.-based defendants. Two of the defendants, 
Christopher Scott and Damon Patrick Toey, have already pled guilty in 
the case. Others including the ringleader, Alberto Gonzalez, await 
trial.

Lesson Learned: The wide-range of the perpetrators brings to light 
something that those in the cyber intelligence realm have known for some 
time: Criminal hackers are part of a very mature and multi-billion 
dollar industry that reaches around the world. No organization is immune 
to the threat.


2. Bank of New York Mellon

An unencrypted backup tape with 4.5 million customers of the Bank of New 
York Mellon went missing on Feb. 27, after it was sent to a storage 
facility. The missing tape contains social security numbers and bank 
account information on 4.5 million customers - including several hundred 
thousand depositors and investors of People's United Bank of 
Connecticut, which had given Bank of New York Mellon the information so 
it could offer those consumers an investment opportunity.

Lesson Learned: For Bank of New York Mellon, know that when data is 
released to a third-party that their security is as good or better than 
yours. Encryption isn't just something that is good for the data held at 
an institution; it's also something to consider for data that leaves the 
institution.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

Site design & layout copyright © 1986- CodeGods