Looking over the major headlines of the last year, you could argue that 2014 was the year of the IT security breach. From government websites and banking institutions, to cloud accounts and Hollywood studios, we’re kicking off 2015 with a review of some of the top IT security breaches of 2014.
Heartbleed Password Leak
Discovered by Neel Mehta of Google Security on March 21st, it wasn’t until April 7th that news of the now infamous Heartbleed bug was made public. Mehta uncovered a programming mistake that left private keys and other data open to systems protected by OpenSSL. The vulnerability acted as a wake up call to the tech community as a whole and triggered an open dialogue in the public sphere concerning IT security.
In early July the US government announced that one of its websites, healthcare.gov, had been compromised. In an investigation that includes the FBI, NSA, and Homeland Security, it was revealed that hackers gained access and uploaded malicious software to one of the website’s test servers that had mistakenly been left online. While there was no evidence that any consumer information was accessed, it showed the world that not even the US government is immune to IT security threats.
JPMorgan Chase Data Breach
This summer saw one of the biggest ever cyber attacks in history. JPMorgan Chase, the largest bank in the United States, admitted to a data breach affecting 76 million households and 7 million small business. The news sent the bank’s stock price plummeting, the breach has become the subject of a wide-reaching FBI investigation. Experts believe the private contact information leaked during the breach could be used for phishing attacks in the future, though it should be noted that JPMorgan Chase denies that any account numbers were compromised. Perhaps the most shocking part about this particular security incident is that it was conducted through using a single employee password.
Celebrity iCloud Hack
2014 was a bad year for the entertainment industry, at least in terms of IT security. As the summer of 2014 drew to an end, the private photos of notable celebrities, including Jennifer Lawrence, Kate Upton, and Kaley Cuoco were leaked onto the internet. Victims of an apparent brute force attack on their iCloud accounts, Apple vehemently denied that their systems were hacked per se. However, they followed this statement with a wave of new security updates.
Sony Pictures Entertainment
2014’s most notable IT security incident seemed like it came straight out of a Hollywood film script. In the waning weeks of the year, news broke that Sony Pictures Entertainment had been hacked. According to the BBC, ‘there were signs that Sony’s computer system had been compromised when skulls appeared on employees’ screens’. The subsequent data that was leaked, which included the salaries of notable film stars and personal emails, created a social media firestorm. Adding fuel to the flames was the attack’s links to North Korea and Sony’s initial decision to cancel the release of its film ‘The Interview’. Unconfirmed reports claim that some insider help was involved in the attack.
What to Expect in 2015
While preventing all possible IT security attacks is no longer a realistic goal, it should be noted that many of the more notable breaches of 2014 were the result of poor programming, carelessness, and a failure to accurately assess the possibility of an outside threat. It is probably safe to assume that IT security incidents will continue to make headlines in 2015, but what will be interesting to see is whether or not organizations will begin to take a more proactive approach towards security.