December 27, 2016


Recent Data Breach Roundup: December 2016

Putting all other data breaches to shame, Yahoo clearly wanted to end 2016 with a bang when it announced the largest breach in history. And even for those of us who weren’t among the billion users affected by the Yahoo breach, there were still plenty of other breaches at all types of companies to go around. There’s always hope that we’ll see fewer security breaches next year, but if the way things went in December is any indication of what’s to come in 2017, you may want to make sure you’ve got an active membership with IdentityForce.

Here are the recent data breaches that were making headlines in December 2016:

Yahoo

Yahoo made headlines about three months ago when they announced a 2014 data breach that affected 500 million users; at the time, it was considered to be the biggest data breach ever. In December, however, they crushed their own record when they revealed a 2013 breach may have compromised the personal information of one billion Yahoo accounts. Yahoo still isn’t sharing much about what happened, but they did say the stolen information “may have included” names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Payment and bank information was not stored in the breached system.

Firefox

At the beginning of December, Firefox released a critical update to fix a major vulnerability. Attackers used code that exploited the hole to carry out the breach, collecting the IP and MAC address of each targeted system; that information was then sent to a central server. The goal of the attack was to reveal the identity of the browser user. Some security experts say the code is “almost exactly” the same as code used by the FBI in 2013 to bust individuals who were accessing child pornography.

Community Health Plan of Washington

Community Health Plan of Washington, a nonprofit that provides health insurance through Medicaid, revealed in December that more than 380,000 current and former members had personal information exposed in a data breach. An anonymous caller notified the company of a vulnerability in the computer network of NTT Data, the firm that provides it with technical services. The health organization hired a forensics investigation team, which determined that member records were accessed without authorization. The stolen records contained full names, addresses, dates of birth, health claims information, and Social Security numbers. Community Health Plan of Washington is notifying members and providing them with steps they can take to protect themselves.

Lynda.com

Lynda.com, a popular online platform for professional education, announced a data breach in December. Owned by Microsoft’s LinkedIn, Lynda.com has not shared when the breach happened or how; its spokesperson only confirmed “This is a recent issue which we took immediate action to mitigate.” A database containing information on 9.5 million accounts was infiltrated by hackers, which gave them access to full names, email addresses, and courses viewed. The database also had 55,000 account passwords which were “cryptographically salted hashed,” making them harder to figure out. Lynda.com automatically reset those account passwords and notified users. There is no current evidence that any data has been used or made available publicly.

Check back next month to stay up to date on the most recent data breaches.

Heidi Daitch

Chief Strategy Officer at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.
