I see some analysts in the field using this time, with the year halfway through, to take stock of the data breaches we’ve encountered so far. The results paint a unique picture.
One area that has seen a marked increase is in the actions of state-sponsored actors. Beginning in 2017, evidence pointed to Russian hackers infiltrating US power companies, as well as being responsible for the NotPetya ransomware. This year at last has come official, public acknowledgement. Similarly, this past March, the Department of Justice indicted nine hackers from Iran who ran phishing campaigns on over 300 universities worldwide, including 144 in the US. The 31 terabytes of data stolen reportedly totaled $3 billion.
Corporate security is also being pressured, as Under Armour can attest. Even that company, which took a number of correct preventative measures, still didn’t cover all its bases. This is a complex issue for any entity to address, with numerous boxes to check off. And mistakes can still sneak up on anyone.
Of course, this is what guidelines like GDPR are intended to assist with. Taking this into account, Uber has now hired its first chief privacy officer, Ruby Zefo, to comply with the EU regulations. Her job will be to centralize and collate all the company’s disparate privacy standards and processes in various departments. Along for the ride will also be Uber’s first data protection officer, Simon Hania. After all, once you’ve had one major data breach that exposes 57 million users in the news, the last thing you want is a sequel, and it looks like Uber knows it.
Sometimes, on a different note, the hackers also want to prove a point. This looks to be the case with the recent breach of Canadian home care services provider CarePartners. Their announcement of a data breach in June was shortly followed by the hackers themselves contacting CBC News, to highlight the security shortcomings of the provider. The breach involved the exposure of medical records of over 80,000 patients. This included thorough medical histories, credit card numbers, addresses, phone numbers and more.
Speaking to CBC, the group stated, “This data breach affects hundreds of thousands of Canadians and was completely avoidable…None of the data we have was encrypted.”
Lest we think this was a purely altruistic hack, however, the hackers are still holding the data for ransom. “We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” they said.
From government hackers to increased health data compromise, the picture we get of cybersecurity and data breaches halfway through the year is an intense and sometimes weird one.