Anyone who follows cybersecurity is aware of the steady drumbeat of data breaches and attacks. So, an attack needs to really stand out to earn the name “disaster.”
We’ve assembled eight truly disastrous IT security failures over the past decade, with the goal of finding not just clever hacks, but real mistakes on the part of the victims. Hopefully you’ll come away with some ideas on how not to suffer a disaster of your own.
[ Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. | Sign up for CSO newsletters. ]
2012: Court Ventures gets social-engineered
Hieu Minh Ngo proved that you don’t need a lot of technical know-how to breach the security of an important data broker and get access to a lot of people’s private information. Sometimes all it takes is some brazen misrepresentation and social engineering skills. While still in his early 20s, Ngo convinced Court Ventures, a data broker later purchased by Experian, that he was a private investigator in Singapore. He then purchased personally identifying information (PII) from Court Ventures as part of his “work.”