While there have been dozens of security breaches at this point in the year, we’ve highlighted the top three that have taken place in 2019 so far. Read on to learn what happened and what we can learn going forward.
The Facebook Breach – April 2019
In April, data breach hunters announced the discovery of two unsecured Amazon cloud servers containing over 540 million records collected by two third-party companies. The information that was “leaking” from these servers included user account names, Facebook IDs, friends, photos, group memberships, and passwords.
As is the case in most data breaches, these servers weren’t secured properly. One of the third parties, an online media company based in Mexico, ignored data breach hunters’ requests, and Amazon, despite knowing about the problem, did nothing until Facebook requested a solution to the problem.
For Facebook, this is a nightmare. It has allowed third-party developers access to user data for years, and now the proverbial chickens have come home to roost. If you’re working with third parties, make sure they secure your information.
The First American Breach – April 2019
April 2019 was an eventful month from a cybersecurity standpoint. First American, a real estate and insurance firm, revealed that a data breach exposed 885 million records. These records contained Social Security numbers, drivers’ license images, financial data, and transaction records, and they dated from 2003.
A real estate developer from Yakima, WA, contacted cybersecurity expert Brian Krebs to alert him of the leak. The developer received an email link from First American containing a document. He modified that link and was able to view other customers’ documents without having to authenticate his identity. Krebs noted that the incident was one of “the most common yet preventable.” First American didn’t secure its site correctly, which allowed anyone to access sensitive documents.
The Canva Breach – May 2019
Canva, the Australian graphic design software startup, reported that a hacker stole information belonging to approximately 139 million users in May of this year. The hacker later put that data up for sale (which included names, email addresses, and some physical location details) on the Dark Web.
The lesson here lies less in preventing breaches – cybersecurity experts call this attack “opportunistic” and one that “missed vital organs” – and more in how to inform users about the event. Canva buried the news in an email about an acquisition of two stock photo libraries. When you’re breached, own up to it clearly and succinctly; otherwise, your users will ignore the announcement.
Learning from Mistakes
Data breaches are becoming a fact of life, which is a sad statement to make. The reason is that in many cases (particularly the cases of Facebook and First American), they’re preventable. Additionally, hackers are becoming more and more daring, which made the Canva breach almost inevitable. The software platform’s response, however, left a great deal to be desired.
Aquila is ready to secure your systems. Please contact us for more details on how we can help.
Rachel Levy Sarfin
Latest posts by Rachel Levy Sarfin (see all)
- Cybersecurity Breaches of 2019 - November 6, 2019
- Does Cybersecurity Offer You a Competitive Advantage? - September 2, 2019
- How Safe Are US Federal Agencies from Cyber Threats? - August 6, 2019