2011 Set to Be Worst Year Ever for Security Breaches

June 10, 2011
Cyber Security, FedCyber Wire

via Security News Daily

Sony, the data-security firm RSA, Lockheed Martin, the email wholesaler Epsilon, the Fox broadcast network, NASA, PBS, the European Space Agency, the FBI, the British and French treasuries — and, just this morning, the banking and insurance giant Citigroup. What do all these organizations have in common?

Along with dozens of other companies and government agencies, they were victims of massive network security breaches in the first six months of this year.

“In the last 10 years, I don’t think we’ve seen breaches that have affected consumers at this scale,” said Ondrej Krehel, information security officer for Scottsdale, Ariz.-based Identity Theft 911. “It’s been the worst year in a decade.”

Tim Armstrong, malware researcher for the Russian security firm Kaspersky Lab, agreed.

“It’s only June,” Armstrong said, “but it has already [been an] impressive year for breaches.”

Sony, RSA and Epsilon usher in the season

The worst three cybersecurity incidents of the year so far have involved RSA, Epsilon and Sony.

In mid-March, Boston-based cryptography firm RSA suffered a massive network intrusion that resulted in the theft of information related to its SecurID tokens. Forty million people use the tokens to access the internal computer networks of 25,000 corporations, government organizations and financial institutions.

Two months later, defense contractor Lockheed Martin had its own networks penetrated by attackers who used “cloned” RSA tokens made with data taken in the original breach. Unconfirmed reports named defense contractors Northrop Grumman and L-3 Communications as other victims.

In early April, hackers penetrated the internal networks of Epsilon, a Texas-based firm that handles email communications for more than 2,500 clients worldwide. The companies affected by the Epsilon hack included Ameriprise Financial, BestBuy, Capital One Bank, Citi, JPMorgan Chase, TiVo, U.S. Bank and dozens more.

Last (but not least in the eyes of some gamers) is Sony. Since early April, the Japanese entertainment and electronics giant has been fighting different groups of hackers. One group stole the personal information of 102 million registered users of the PlayStation Network (PSN) and other online gaming services.
