Data security needs to be a priority for every company because failing to protect the personal information of your customers or clients can have a disastrous, wide-spreading impact. From virtual attacks by hackers to data theft via hard drives that weren’t sanitized, data breaches can occur at any time and through a wide range of methods. If you don’t think your company needs to follow data security best practices, then you’re putting your company and your investment at serious risk.
The following represent just a fraction of the breaches in data security experienced by some of the country’s largest corporations and organizations.
1. The New York Times
In January of 2013, a highly sophisticated attack was initiated against reporters at The New York Times. The security breach lasted months on the newspaper giant’s systems, during which time the attackers used the valid credentials to remain stealthy on the network. The attackers used 45 pieces of custom malware and accessed the computers of 53 Times employees. Slipping past corporate antivirus and other security systems, the attackers were able to access a domain controller containing the database of hashed passwords for every employee at The New York Times.
2. PlayStation Network and Sony Online Entertainment
In April and May of 2011, the Sony PlayStation Network suffered not one security breach, but two. In what is still considered one of the largest data breaches of all time, hackers were able to access the credit card numbers and expiration dates, as well as other personal information, for an estimated 77 million customers.
3. Heartland Payment Systems
In 2009, Heartland Payment Systems suffered what has been called the largest credit card crime of all time. The company announced that hackers had broken into the computers it uses to process about 100 million transactions each month for its 175,000 merchants. The hack was uncovered after Visa and MasterCard notified Heartland about suspicious transactions. Three men were eventually indicted by a grand jury on charges related to masterminding the scheme to steal more than 130 million credit and debit card numbers and personal information from Heartland, 7-Eleven Inc., and other companies.
The breach cost Heartland more than $41.4 million, which the company agreed to pay MasterCard issuers to settle claims over the data breach.
TJX Company Inc.’s companies include T.J. Maxx, Marshalls, and HomeSense. In December 2006, the Framingham, Massachusetts-based TJX alerted law enforcement that cybercriminals had stolen more than 45 million customer records between 2003 and 2004. The company finally went public with the news in January 2007. Within eight months, the company had spent more than $20 million investigating the incident, notifying customers, and hiring lawyers to deal with dozens of lawsuits. The hack alerted the retail industry to the threat of cybercriminals and pushed lawmakers to fast-track data security legislation.
5. U.S. Department of Veterans Affairs
In October 2009, the National Archives and Records Administration investigated the U.S. Department of Veterans Affairs when it was believed that the personal information for as many as 76 million veterans might have been compromised when a defective hard drive was sent for repair and recycling without first having all of the data on it sanitized. The hard drive in question was used to store health records and discharge papers, as well as millions of Social Security numbers, for the nation’s veterans.
In a more recent episode, a Montgomery, Maryland clinical social worker self-reported a patient privacy incident that occurred between late 2012 and early 2013. The social worker notified the Baltimore Office of the Attorney General (OAG) about an incident in which seven clients’ data was exposed due to a vendor’s poor patient privacy procedures. The hard drive containing the data was supposed to be wiped clean, but the vendor, Other World Computing, instead sold the drive to a German doctor with all the data intact and viewable. The doctor contacted the social worker via email to notify her that patient data was still recorded on the drive.
If your company is selling, re-using, or disposing of older hard drives, then it needs to ensure that the information and data contained on those drives is effectively destroyed before moving them to the next phase. As you can see by the examples above, a data breach can happen to even the largest companies.
One of the most effective ways to ensure that your company doesn’t suffer such a costly experience is to partner with a trusted and reputable provider of data destruction services. At Liquid Technology, we offer DOD-certified data wiping services using our proprietary software. This process completely erases the recorded data while maintaining the integrity of the drive so it will be safe for resale or re-use. Or, if the hard drives are not being reused or sold, then our hard drive shredding or degaussing services may suffice. In order to find out which service would work best for you, just give us call at 800-797-5478. We’ll discuss your situation and help you get the services you need to help eliminate the risk of your company suffering a data security breach.