Top 5 Data Protection Incidents of 2015
Data protection was a big topic of discussion in 2015, and will certainly continue being one in 2016 and beyond. From security breaches to natural disasters, 2015 was full of reminders and valuable lessons around the importance of keeping data secure – and the far reaching consequences of failing to do so.
1. The Google Data Loss Incident – When Lightning Strikes
Back in August, a lightning storm hit a local utility grid four times near one of Google’s data centers in Belgium. According to the incident report put out by Google, less than 0.000001% permanent disk space was lost – and customers did not lose data because it was replicated across multiple servers.
The report may sound as if the impact of the data loss was minimal, but some companies did experience negative consequences. For example, French startup Azendo actually experienced 12 hours’ worth of downtime. There is a happy ending to the story though: they fully recovered the data that had been lost since they had previously backed it up to a different center. Many small businesses and startups can’t afford to be without their data for very long, so Azendo was lucky that the incident was a short as it was– and that they had the other backups. .
The Google data loss incident showed us that even a tech giant like Google can be impacted by a disaster, so having regularly scheduled backups and multiple ways to store data is essential to keeping business running.
2. The Army National Guard Data Breach – When Human Error is to Blame
In the month of July, the Army National Guard suffered a major data breach due to an employee error. A contract employee improperly handled a data transfer from one center over to a non-accredited center. The event exposed home addresses and even social security numbers of over 850,000 current and former members of the National Guard.
The breach serves as a reminder that any time humans are responsible for anything, errors are almost inevitable – and people are the biggest cause for data loss after all. And when critical data is added to the mix, the stakes and consequences can be major. Which brings us to…
3. The Anthem Insurance Record Breach – Human Error Strikes Again
It’s safe to say that 2015 was the year of the healthcare data breach. After all, according to the Office of Civil Rights report there were over 112 million patient records breached during the year – and nearly 80 million of those are due to the much talked about Anthem Insurance breach.
In February of 2015, Anthem Insurance was breached by state-sponsored hackers who stole the millions of patient records – a major hit for Anthem and the healthcare industry in general. The cause of the breach? A phishing attack.
While this should certainly serve as another blaring reminder that human error can cause a lot of damage when it comes to handling large volumes of sensitive data, it is also shows how critical security is in these kinds of institutions. Employees in the healthcare industry and elsewhere are in need of more training on maintaining strict security measures and how they can help prevent these kinds of attacks in the future.
4. The Hillary Clinton Email Scandal – The Backup Retention Question
For a good few months, discussions of the Clinton email “scandal” were impossible to avoid. In March it was reported that Clinton had used a private email account for government/business related emails, and eventually it was discovered that she had used her own email server rather than a third-party provider’s. Clinton had apparently deleted over 30,000 emails and the FBI seized the backups for investigation. The appliance the emails were on was actually still backing up to the cloud up until 2015, which came as a surprise to Clinton’s team. This drew a lot of attention to the backup company’s data retention policies and where backups were actually stored at different points in time.
Politics aside, IT managers have a lot to take away from what happened in this case, especially when it comes to backup retention. In real life, backup providers are much more likely to run into issues for not retaining data long enough rather than too long. Either way, both the provider and the client need to be aware of exactly how long backups are expected to be stored. In addition, being able to relay where data is backed up at any point in time is a must, and even more important when it comes to sensitive data. Despite the issues Clinton is facing for having her data backed up to the cloud, for most people offsite backup is a good thing because it ensures that data is kept safe at all times in case a disaster strikes the on-site backup location.
5. Ashley Madison – When Hackers Attack
The Ashley Madison breach occurred in July, and its effects are still ongoing in 2016. In case you’ve been living under a rock, Ashley Madison is a website created for cheating spouses. Hackers infiltrated its parent company, Avid Life Media Inc., and released the names, home addresses, and other personal information of 32 million Ashley Madison customers. The CEO stepped down due to the scandal, and multiple lawsuits have been filed against the company since. Spammers also attempted to blackmail victims of the breach by demanding bitcoin to prevent them from making the information public.
There are a number of lessons to take away from these unfortunate events, and it’s not just that adultery is a bad idea. Ensuring and actually testing your organization’s security is a must to prevent something like this from happening, as well as having a clear plan of what to do in case such a breach occurs. A number of the people registered to the website had also used their business emails, so paying close attention to online employee activity and watching out for red flags could help prevent a similar incident in your organization. And last but not least, take a closer look at the security level of any third-party services your company uses. If they have access to employee emails, passwords and any other vital data, they should be able to demonstrate their security measures.
On a different level, the scandal and many others like it should help us all remember the unspoken rule of being a member of the Internet – user discretion advised. In other words, anything that goes on the Internet has the potential to become public information. Acting accordingly can prevent a lot of headaches and lawsuits.
See how a cloud backup and restore solution can protect your data.