Putting all other data breaches to shame, Yahoo clearly wanted to end 2016 with a bang when it announced the largest breach in history. And even for those of us who weren’t among the billion users affected by the Yahoo breach, there were still plenty of other breaches at all types of companies to go around. There’s always hope that we’ll see fewer security breaches next year, but if the way things went in December is any indication of what’s to come in 2017, you may want to make sure you’ve got an active membership with IdentityForce.
Here are the recent data breaches that were making headlines in December 2016:
Yahoo
Yahoo made headlines about three months ago when they announced a 2014 data breach that affected 500 million users; at the time, it was considered to be the biggest data breach ever. In December, however, they crushed their own record when they revealed a 2013 breach may have compromised the personal information of one billion Yahoo accounts. Yahoo still isn’t sharing much about what happened, but they did say the stolen information “may have included” names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Payment and bank information was not stored in the breached system.
Firefox
At the beginning of December, Firefox released a critical update to fix a major vulnerability that had been discovered. Attackers used code that exploited the hole to carry out a breach, collecting the IP and MAC address of each targeted system and sending that information to a central server. The goal of the attack was to reveal the identity of the browser user. Some security experts say the code is “almost exactly” the same as code used by the FBI in 2013 to bust individuals who were accessing child pornography.
Community Health Plan of Washington
Community Health Plan of Washington, a nonprofit that provides health insurance through Medicaid, revealed in December that more than 380,000 current and former members had personal information exposed in a data breach. An anonymous caller notified the company of a vulnerability in the computer network of NTT Data, the firm that provides it with technical services. The health organization hired a forensic investigation team, which determined that member records were accessed without authorization. The stolen records contained full names, addresses, dates of birth, health claims information, and Social Security numbers. Community Health Plan of Washington is notifying members and providing them with steps they can take to protect themselves.
Lynda.com
Lynda.com, a popular online platform for professional education, announced a data breach in December. Owned by Microsoft’s LinkedIn, Lynda.com has not shared when or how the breach happened; its spokesperson only confirmed, “This is a recent issue which we took immediate action to mitigate.” Hackers infiltrated a database containing information on 9.5 million accounts, which gave them access to full names, email addresses, and courses viewed. The database also had 55,000 account passwords which were “cryptographically salted hashed,” making them harder to crack. Lynda.com automatically reset those account passwords and notified users. There is no current evidence that any data has been used or made available publicly.
Check back next month to stay up to date on the most recent data breaches.