3 Data Breaches That Could’ve Been Prevented (and How)

How to prevent a data breach

More than 90 percent of data breaches may be avoidable, according to the Online Trust Alliance’s (OTA) Cyber Incident & Breach Trends Report. The group suggests that a stronger focus on cybersecurity fundamentals could reduce the number of avoidable incidents, which are caused by everything from misconfigured servers to employee errors. Unfortunately, even the largest companies and municipalities make these simple mistakes.

Let’s take a look at three high-profile data breaches that could have been prevented with the right security precautions in place.

More than 90% of data breaches may be avoidable, and even if they’re not, you can contain the fallout.

#1: Equifax’s Data Breach

Equifax, one of the world’s largest credit rating agencies, experienced a data breach that exposed nearly 150 million consumer records in September 2017.

A House Oversight Committee report concluded that the company’s security practices and policies were sub-par and its systems were old and out-of-date. For example, the company failed to patch a known vulnerability in Apache Struts, a common open source web server, which Homeland Security had issued a warning about months before the attack.

The attackers took advantage of this vulnerability to open a web shell on the server and retained access for more than two months. After coming across an unencrypted file containing numerous passwords, the attackers accessed nearly 50 different databases that contained unencrypted consumer credit data using more than 9,000 queries on 265 different occasions.

To make matters worse, the company didn’t notice the data breach because the device used to monitor network traffic had been inactive for 19 months due to an expired security certificate. After updating the certificate, the company immediately noticed the suspicious web traffic, suggesting that the presence of a network monitoring solution could have limited the breach.

Download our free data breach response plan template to see how to respond to a data breach.

The entire breach could have been prevented with a simple security patch to fix a known vulnerability, but the severity of the data breach could have been prevented in at least two other ways. The company should have encrypted all of its consumer records and maintained its network monitoring solution to ensure the sensitive data was safeguarded.

#2: Baltimore’s Ransomware

The City of Baltimore experienced a ransomware attack in May 2019 that took down its voicemail, email, and other vital systems that its citizens use on a daily basis.

The attackers used a popular ransomware program called RobbinHood (sic) that scans computer systems for vulnerabilities, such as gaps in protocols used to grant remote access to computers, and encrypted the data on affected systems. In a digital ransom note, the attackers demanded about $100,000 in Bitcoin for the key to unlock the data.

Baltimore estimates that the ransomware attack will cost the city at least $18 million in costs to restore systems and make up for lost or delayed revenue. In addition to Baltimore, there have been at least 46 ransomware attacks last year and at least 24 ransomware attacks in 2019. These attacks have targeted U.S. cities ranging from Atlanta, GA to Greenville, NC.

While not all ransomware attacks are preventable, adhering to cybersecurity best practices can dramatically cut down on risks. Anti-virus, anti-malware, and firewall solutions can identify threats and eliminate vulnerabilities, while content scanning and filtering for mail servers and networks can prevent another common attack vector.

The impact of a ransomware attack can be greatly mitigated by encrypting data and maintaining secure cloud backups. If a computer suffers from a ransomware attack, everything can be erased, vulnerabilities can be fixed, and the lost data can be restored within minutes. There’s no risk of consumer data being exposed and there’s no need to pay to recover the data.

#3: Facebook’s Data Breach

Facebook improperly shared data from upwards of 80 million users with the political consultancy Cambridge Analytica in early 2018. Without the users’ consent, the company leveraged the data for political advertising and other purposes.

Cambridge Analytica developed an app called “This is Your Digital Life” that created an informed consent process for research. Using the Facebook app, about 300,000 users agreed to complete a survey for academic use only. A flaw in Facebook’s platform enabled the app to also collect information for the followers of the users that had opted in without their permission.

Cambridge Analytica used the data, including their public profile, page likes, birthday, current city, news feed, timeline, and messages to create a psychographic profile. The company leveraged these profiles to determine what kind of advertisement would be most effective to persuade a particular person in a particular location to vote in a particular direction.

Facebook could have prevented the security breach by better controlling permissions that it gave third-party apps to access its data. For example, it could have limited the data gathering to the roughly 300,000 Facebook users that opted in to provide their data rather than the millions that did not opt in but still had their data shared.

While not all companies operate as platforms like Facebook, many companies interact with third parties that access their data. Ensure that third parties have permission to access no more than the agreed upon data, and terminate the data sharing when it’s no longer required. This includes dealing with third-party contractors that may have temporary access to certain databases.

Don’t forget to download our free data breach response plan template to see how to respond to a data breach.

The Bottom Line

Data breaches are becoming increasingly common as more consumers and devices are connected to the Internet. While not all data breaches can be prevented, most data breaches are preventable and the recovery from a data breach doesn’t always need to be costly. There are simple measures that you can take to protect your business from attack.

Lockstep Technology Group specializes in helping IT leaders in planning, developing, and implementing enterprise-class technology solutions. We can help you secure critical infrastructure and sensitive data with strategic risk evaluations, as well as setup secure managed IT and cloud-based solutions to keep costs under control.

Contact us today to learn more about how you can protect your data with Lockstep Technology Group.