Data Breaches That Will Haunt You

Data Breaches That Will Haunt You

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought.

Halloween is a ghoulish time of year. AMC’s Fearfest is in full swing, Hollywood’s latest terror-inducing features open in theatres, and parties like “A Nightmare on Queen Street” and “Halloween Freakout” are organized. While Jason, Chucky, and Freddy were the nightmares of our childhood, these shriek coaxing monsters seem almost cuddly compared to the shackles of our identity, personal information, and credit rating. Whether you were a Boomer, horrified by Psycho and Rosemary’s Baby; A Gen X’er, terrified by The Shining and A Nightmare on Elm Street; or A Millennial kept up by Scream and Saw, none of those could have prepared you for the horrors of the modern data breach.

 

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought. It’s a nightmare for everyone involved, and it feels like we’re living in a horror movie. Maybe it’s more than a feeling, maybe we are living in a horror movie. If that’s the case, then tying these breaches back to common horror tropes (from TVTropes.org) should be relatively easy.

 

The Ominously Open Door
The open door, lurking just down the corridor is a common scene in movies, but, in horror movies, it always comes with a jump-scare. That door at the far end of the room is just slightly ajar but we all know it should be closed. Our protagonist approaches the door, the music intensifies, she pushes the door open and we all jump as we get a full view of the monster. Repeat after me, ‘Nothing good ever comes of open doors.’  This same trope can be applied to the Verizon breach in July. An open AWS S3 bucket contained data on somewhere between 6 and 14 million customers. It’s a reasonable assumption that this open “door” scared the Verizon customers whose data was leaked. Much like slasher films, where the same story is told dozens of times, this method of gaining access is not unique. Open AWS S3 buckets also led to the loss of 1.3 million student records from data warehousing company Schoolzilla and more than 9,400 resumes from applicants to the security firm TigerSwan.

 

Anyone Can Die

You never know who is next in the movies. It could be any character at any time. Not only people but animals are also a possibility, so you have to expect the unexpected. Whether you have one scene with no lines or appear in the entire movie with a 15-minute monologue, no one is safe. Just as you think that the last of the heroes will make it out of the haunted house, a glint of an axe on the camera reminds you, “No One Is Safe!” The same is true in the data breach world, just ask the victims of the Edmodo breach. The data of 77 million users was exposed, which is considered to be the largest breach of K-12 student data in history. Data breaches don’t just impact adults, everyone’s data is fair game to malicious actors.

 

Absurdly Ineffective Barricade

We’ve all seen this. Running from the monster, our hero ducks into a room and slams the door. He wedges a small chair under the door handle and breathes a sign of relief. Moments later, the door and chair fly across the room as the monster smashes its way in. The more applicable instance, however, is the bumbling band of misfits that pile every item in the room against the door, step back, proud of their accomplishment, only to turn around and see the monster enter the open door at the opposite end of the room. You can have all the security you want in place, but one opening anywhere is enough for our horror movie villain – and hackers – to get in. Take Equifax, for example, where a single overlooked vulnerability resulted in the exposure of the personal data of 143 million people and more lost sleep than the entire Nightmare on Elm Street franchise.

 

The Calls Are Coming from Inside the House

From 1979’s ‘When a Stranger Calls’ to Drew Barrymore’s iconic opening scene in Scream (1996), this is a well-known and oft-used trope. In the days of cell phones, this doesn’t quite have the same scare factor but many of us remember how scary the idea of picking up the phone and finding out someone was calling from inside the house was. In the days following the release of Scream, babysitters were more vigilant than ever before. While not tied to a specific media worthy breach, the risk from insiders permeates enterprises. According to Verizon’s “2017 Data Breach Investigations Report” more than 14% of breaches involved insiders or privilege misuse. That number is frighteningly high.

 

Camp Unsafe Isn’t Safe Anymore

Relax! We’re safe here… at least until we aren’t. You find a room, you take refuge, knowing that the movie’s killer can’t catch you here and then, suddenly, someone realizes that he can. It was never safe, even when you thought it was. This feels like an overarching theme in the security world. Vulnerabilities always exist, even before they are discovered and every safeguard we make is ultimately flawed in some way. This year, we saw multiple breaches where the aftermath involved MD5 hashes of user passwords being released. This involved both 715K members of PoliceOne, a LEO community, and 700K members of DaFont.com, a font sharing website. MD5 was never really safe, it just took many years for someone to say “Hey, this doesn’t feel very safe,” and many more before anyone demonstrated just how unsafe. At least in the movies, our protagonists know to run when this is said but, in this case, these sites continued on with the broken and insecure hashing algorithms.

 

So, maybe we are living in a horror movie, maybe nightmares are haunting us every day. Statistics for the first half of 2017 put the breach count at 5 breaches daily[1]. If you aren’t scared, you should be. Unlike horror movies, we can’t turn on the lights at the end of the show and remind ourselves that it’s a work of fiction. This is real life and the numbers are scarier than anything Hollywood has ever dreamed up.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Nearly Half of Companies Exclude Cybersecurity Teams When Developing, Onboarding and Implementing AI Solutions

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3