The Biggest Security Breaches of 2009
Page 1 of 1
As people dutifully shred their every statement and credit card offer, clumsy businesses and governments are compromised by hackers on a regular basis. It would be funny if it wasn't so sad and scary. eSecurity Planet has the List of Shame.
From stolen devices and phishing attacks to buggy apps and human blunders, 2009 was another banner year for data breaches. According to the Privacy Rights Clearinghouse, over 345 million records containing sensitive data have been involved in incidents within the United States since January 2005. But last year, one single breach compromised 130 million records. In an effort to do better this year, let's recount some of the worst data breaches reported in 2009.
10) Los Alamos National Labs (LANL)
This facility makes our list due to its history and sensitivity rather than the (unspecified) size of its February 2009 breach. This nuclear research complex continues to make headlinesthis time by reporting that nearly 70 computers had gone missing from the labs, including at least 13 PCs verified lost or stolen, and one BlackBerry left in an undisclosed "sensitive" country. Although this incident did not expose classified data, LANL's apparently lax asset management practices could pose a national security concern.
9) Virginia Department of Health Professions (DHP)
This agency, responsible for licensing health care professionals and enforcing standards of practice, reported that its database of prescription drug records for 530,000 patients was hacked in April 2009. The thief posted a ransom message on DHP's Website, attempting to extort $10M for the safe return of stolen data. Fortunately, his claim to have destroyed both the live database and its backups turned out to be false; DHP restored online services by recovering data from verified backups. Nonetheless, over half a million social security numbers and 35 million prescription records may have been exposed.