Securing Information
Strengthening Business

Top 10 Information Security Breaches

Information security is a high profile issue that is never far from the news – whether it is lost laptops or full-blown cyber attack. Confidentiality, integrity and availability of information are serious concerns for any business leader today. Here are some of the most serious security breaches that have made the news in the last 5 years.

Top 10 Information Security Breaches

  1. 2007 – TJX (parent of TK Maxx) hacked : information stolen on tens of millions of credit and debit card details – unprotected wireless network
  2. 2007 – HM Customs and Excise chairman forced to resign: 2 disks lost in internal post containing personal information of 25 million families in the UK
  3. 2007 – HSBC Bank fined £3.2 million by FSA for losing details of 180,000 life insurance customers – unencrypted floppy disk lost in the post
  4. 2007 – Nationwide Building Society employee laptop stolen from his home containing confidential customer details – failure to manage or monitor downloads of data onto portable devices
  5. 2008 – Bank of New York Mellon suffers physical security breach – potential compromise of personal details of 12.5 million customers – lost data back up tape
  6. 2009 – Heartland Payment Systems hacked: tens of millions of transactions compromised – computers infected with malware
  7. 2011 – RSA subject to sophisticated and targeted attack that began with ‘spearphishing’ email
  8. 2011 – Epsilon email marketing company could face $4 billion in damages: customer databases of names and email addresses hacked – sophisticated ‘spearphishing’ campaign
  9. 2011 – DigiNotar (Dutch web certificate issuer) files for voluntary bankruptcy – hacker attacked operational IT systems and generated fake certificates. Loss of reputation is cause of downfall.
  10. 2011 – Sony Playstation Network suffers security breach . Up to 24 million users affected and personal, billing and password security questions stolen. Sony expects to pay out $171 million in new protection, welcome back, customer support programmes and legal cost.

Information risk is often seen purely as a technical issue as the variety of incidents in the list above show, this is not the whole story. It’s a very human risk too. There is a need for parity and balance, looking at risk across the board: the right mix of physical, procedural as well as technical controls – in line with your business objectives.

This post introduces a series of articles. We’re not in the business of scaremongering (there is too much fear selling in our industry and we don’t want to add to that!) so in each article we’ll give you advice on how your company can avoid the situation these unfortunate organisations have faced, highlighting the positive business advantages if you get information security right.

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How would you recover if something went drastically wrong with some, or all of your business operations? When we think of worst case scenarios,

Ascentor’s cyber security review of 2020

2020 wasn’t the first year where a virus emerged causing large scale disruption and opportunities for cybercrime. It was, however, the first time

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals. Big enough to be of interest in terms of data held and yet often small enough not