Name: Noah Anita

Sect: TT 8:30-10am

Security Breach Research

a. Use the provided links to security breaches from different sectors to fill out the table below.
b. Search for a few additional interesting breaches and record the findings below.

Incident Affected How many Victims? What exploits were used? Reference Source
Date Organization What was taken? How do you protect yourself?

17th Greenwich  Personal data of  It was uploaded onto SC Magazine

February University 19,500 students a microsite for a
2016 was placed online. training conference in
 The data included 2004, which was then
names, addresses, not secured or closed
dates of birth, phone down.
numbers, signatures  In order to adequately
and - in some cases - protect the data,
physical and mental businesses must
health problems. regularly audit and
ensure security
controls, such as
encryption and key
management are
implemented,
whether the data is
being stored or used
in a transaction”.
November Marriott  500 million guest  The cybercriminals SC Magazine
30 2018 Starwood  records that gained access to,
reservation included names, copied and encrypted a
payment card wide variety of data
information and from guests using its
other PII reservation system.
Cybercriminals had
duplicated and
encrypted the database
 Companies should
perform cyber due
diligence prior to an
acquisition or
investment.
Understanding the
cyber security posture
of an investment is
critical to assessing the
value of the investment
and considering
reputational, financial,
and legal harm that
 could befall the
company. After an
investment has been
made, continuous
monitoring is essential,
October Adobe  153 million user  Attackers were CSO ASEAN
2013 records targeting three
 Adobe originally particular
reported vulnerabilities for
that hackers had ColdFusion 10, 9.02,
stolen nearly 3 9.0.1 and 9.0 for
million encrypted Windows. Hackers
customer credit card were using exploits to
records, plus login bypass authentication
data for an schemes in ColdFusion
undetermined and remotely
number of user controlling Web servers
accounts.  Adobe created a c-level
position as one way to
improve operation
sunning the software.

2012 (and LinkedIn  165 million user  Prosecutors alleged CSO ASEAN
2016) accounts that Nikulin stole a
 6.5 million LinkedIn employee's
associated username and
passwords (unsalted password, using them
SHA-1 hashes) were to gain access to the
stolen by attackers corporation's network
and posted onto a  They invalidated
Russian hacker passwords of
forum all LinkedIn accounts
created prior to the
2012 breach that had
not reset their
passwords since
that breach In addition,
we are using
automated tools to
attempt to identify and
block any suspicious
activity that might
occur
on LinkedIn accounts.