Red, White, and Breach
July marks the mid-way point of 2013 and with the Independence Day holiday tomorrow, what better time to review the top breaches of 2013 thus far? Our friends at SC Magazine took the liberty of listing the top five to-date:
LivingSocial Daily-deal website
LivingSocial confirmed that its computer systems were hacked, resulting in "unauthorized access." The company updated its password encryption method after the breach impacted more than 50 million users. Names, email addresses, dates of birth, and salted passwords were stolen.
Washington state Administrative Office of the Courts
After the public website of the Washington state Administrative Office of the Courts was hacked, sensitive data of individuals whose cases were making their way through the state court system was compromised. Names, Social Security numbers, and driver's license numbers were accessed.
The popular note taking software service, Evernote, had to reset the passwords of all of its 50 million users following a network breach. The company did not find any indication that content or payment information was stolen. Usernames, email addresses, and encrypted passwords of users were accessed.
The servers of the open source content management platform were hacked, and the sensitive information of close to one million accounts was stolen. As a safety measure, the company reset all passwords. Usernames, email addresses, country information, and hashed passwords were all exposed.
Federal Reserve internal site
The Fed admitted that hacking collective Anonymous breached one of its internal websites, accessing the personal data of 4,000 bank executives. Mailing addresses, phone numbers, business emails and fax numbers were accessed and published by the hackers online.
In other news, the Department of Health and Human Services wants anyone who experiences a breach to race against the clock: Buried deep within the recently released 253-page proposed rule governing state health insurance exchanges, created under federal healthcare reform, is a stunning requirement: Breaches must be reported within one hour of discovery to the Department of Health and Human Services.
That may seem like an incredible demand, considering that the HIPAA breach notification rule gives covered entities up to 60 days to report breaches. But the proposal is not without precedent. So... some things to think about while enjoying tomorrow's holiday. From all of us at Axis: Have a secure 4th of July!