NuHarbor Security Blog
February 5, 2020

Top Three Breaches of the Last Decade

Justin Fimlaid

Unless you’re living in a cave, you’ve provided data to a corporation, and a hacker has probably stolen it. Personal data today is one of the most valuable assets on the planet, which leads organizations to spend enormous resources collecting it. However, those same organizations often lack the security controls needed to stop hackers from stealing that valuable personally identifiable information (PII). We will investigate three major data breaches of the past decade, how hackers stole the data, plus some Monday Night Quarterbacking on which information assurance practices could have prevented the breaches.


Target (December 2013)

Information Stolen: 40 million customer credit card accounts and 110 million sets of PII (emails and phone numbers)
Target Spent: $100 million to upgrade their systems, plus $18.5 million in fines and payouts to their affected customers
The Vector: Self-checkout terminals and a social engineering attack on an HVAC vendor of Target
Attack Type: Password-stealing malware bot, followed by malware designed to search for financial and personal information

How Hackers Stole the Data

Malware residing on the self-checkout terminals stole personal and financial information from customers. The hacker or hackers started at one of Target’s HVAC contractors, Fazio Mechanical. The hacker(s) delivered a malware bot designed to steal login credentials to Fazio through email phishing. Fazio had access to multiple external systems built for Target’s contractors: a billing system called Ariba, Partners Online (Target’s project management portal), and the Property Development Zone portal. Target’s system administrators can access all of these systems internally. It is unknown how the hacker(s) jumped from Fazio’s account on Target’s external systems to Target’s internal systems. Once on the internal systems, however, the hacker(s) used a service account called “Best1_user”, which was designed to run a task on the checkout terminals, to push malware designed to search for personal and financial information onto those terminals.

What Information Assurance Practices Should Have Been in Place?

Fazio Mechanical reported that it complied with industry security standards; however, its anti-malware software at the time of the attack was the free version of Malwarebytes. The free version of Malwarebytes does not offer real-time scanning, which would have alerted their security team to the malware; it requires manual scans on individual computers. Additionally, the free version’s terms and conditions state that it is not intended for corporate use, only for individual users.

On Target’s side, at the time of the attack they had not implemented two-factor authentication or one-time tokens for vendors like Fazio. Target did have extra security measures for vendors that had access to personal and financial information. However, Target did not segment this PII from vendors such as Fazio. This unsegmented access to Target’s systems is a strong candidate for how malware was injected into Target’s internal network.


Equifax (March 2017)

Information Stolen: Name and date of birth (147 million); SSN (146 million); addresses (99 million); driver’s license, phone number and gender (18–27 million); payment cards (209 thousand); tax ID (98 thousand)
Equifax Spent: $425 million to help those affected
The Vector: Web application framework (Apache Struts)

How Hackers Stole the Data

Equifax was using a vulnerable web application framework, Apache Struts, to run a tool that let customers report issues with their credit report. The United States Department of Homeland Security reported the vulnerability in March of 2017. Equifax reported that it knew about the vulnerability and took steps to patch affected systems, yet multiple intrusions occurred between May 13th and July 30th. The vulnerability allowed attackers to take full control of web servers running the unpatched version of Apache Struts. The hackers then escalated privileges and moved laterally from the web servers to find and steal data on Equifax’s customers.

What Information Assurance Practices Should Have Been in Place?

Equifax was aware of the vulnerability before the hackers breached their systems. Equifax should have understood the scope of the vulnerability and acted to properly patch their systems. This would have involved the security team taking down the systems that used Apache Struts, patching them, and testing to confirm the fix was in place before bringing the systems back online.

Additional Information about the Equifax Breach

The data from the Equifax breach has yet to surface. Following an attack, hackers usually attempt to sell data immediately, as newly stolen PII sells for much more than older information. There are currently two theories as to why the data has not been seen for sale on the dark web. The first is that the hacker(s) understand that the Equifax breach contains more sensitive information than any other breach, and that selling it could lead to their arrest; therefore, the hacker(s) could be waiting for the public to forget about the Equifax breach before selling. The second theory is more geopolitical: a nation state could have taken the data in order to mine it for potential spies, people susceptible to bribery, or other vulnerabilities in the United States government.

Update on Equifax Data Breach - 2/10/20

As of February 10, 2020, the United States has blamed China for the Equifax breach and has charged four Chinese military personnel. The US has reported that intellectual property was also stolen from Equifax. The United States has blamed China for breaches in the past: in 2014, five Chinese military hackers were charged with breaking into US corporations and stealing intellectual property.


Yahoo (August 2013 and Late 2014)

Information Stolen: 3 billion Yahoo accounts, including emails, addresses, phone numbers, passwords and security questions
Yahoo Spent: $117.5 million, including legal fees
The Vector: Spear-phishing attack (phishing tailored to each individual)
Attack Type: Unauthorized access to a database

How Hackers Stole the Data

The attacker sent a spear-phishing email to specific employees at Yahoo’s corporate office in order to gain access to the Yahoo database containing customer information. Once the hacker gained access, they installed a backdoor that gave them continued access to Yahoo’s database. The hacker then downloaded information on approximately 3 billion users. Much of the information was unencrypted, including passwords and security questions.

What Information Assurance Practices Should Have Been in Place?

Yahoo could have implemented many practices to prevent this data breach. For starters, Yahoo should have had a more robust system architecture in which the data was split across multiple databases and secured separately. Additionally, Yahoo should have encrypted its data, especially security question answers and all user passwords. Finally, Yahoo could have used more robust system scans to search for vulnerabilities such as backdoors. Security scans have become more mainstream in recent years, but a company handling data at Yahoo’s scale should have maintained secure infrastructure and procedures.


The Hack You Haven’t Heard of

The previous three data breaches are some of the most notable of the past decade. However, there are surely other breaches that the news has not picked up on, because hackers have breached companies without their knowledge. Often, companies find out about a breach only when hackers sell their information on the dark web. There are also nation states, hacking groups, and individuals that sit on data or use it privately, meaning companies and their customers remain unaware. Therefore, all companies must know their current security vulnerabilities and have proper procedures and infrastructure in place to keep their systems secure.

Jon is a Cybersecurity Marketing Intern. He attends Champlain College and will graduate in 2021.


Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.
