Notable Security Breaches in 2007
Recently, Computerworld provided a short list of noteworthy security breaches of 2007. Bad things only happen to the other guy, right?
  • TJX claimed that over 45.6 million cards belonging to customers were compromised in an intrusion that went undetected for over 18 months.
  • U.K.’s VA: HMRC misplaces records on 25 million kids.
  • Personal information on over 8.5 million individuals was compromised when a senior database administrator working at Certegy Check Services Inc., a subsidiary of Fidelity National Information Services, illegally downloaded the data and sold it to brokers.
  • TD Ameritrade Holding Corp. disclosed in September that someone had broken into one of its systems and stolen contact information such as names, addresses and phone numbers belonging to its more than 6.2 million retail and institutional customers.
  • Names, e-mail addresses, mailing addresses, phone numbers and resume IDs belonging to an estimated 1.6 million job seekers were accessed from Monster.com’s resume database in August.
  • Thousands of security professionals subscribing to a daily news roundup e-mailed by the Department of Homeland Security found their in-boxes clogged with mail from each other, thanks to an apparent technical oversight on the part of an e-mail administrator working for a DHS contractor.
  • Supervalu Inc. in February was conned into sending $10 million to two fake bank accounts by phishers posing as employees working for two of the company’s approved suppliers.
  • A signature update to Symantec Corp.’s anti-virus software in May crippled thousands of PCs in China.
  • The House Judiciary Committee in October had to apologize to dozens of whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the Department of Justice.
  • In August, an unspecified server error at Microsoft Corp. resulted in many paying users of the company’s Vista and XP systems being mistakenly identified as pirates by Microsoft’s Windows Genuine Advantage (WGA) software validation system.
  • A former security consultant at 3G Communications Corp. of Los Angeles admitted in November to running a huge botnet of a quarter million PCs that infected other machines with adware programs, and to using spyware to steal bank and PayPal account information.
  • A DuPont employee left for a rival company and downloaded confidential DuPont company documents valued at an estimated $400 million.
  • A Unix system administrator at Medco Health Solutions Inc. pled guilty in September to planting a logic bomb that would have destroyed critical data — including prescription drug data for individuals — on more than 70 servers.



