
Top 10 most embarrassing data breaches

Inspired by a notable security gaffe at BP, we give our rundown of the most embarrassing data breaches in recent memory.


"The slurping of AT&T data on the early iPad 3G adopters by Goatse was pretty embarrassing too," Rik Ferguson, director of security research and communication at Trend Micro, told IT PRO, and indeed it was.

The hackers from Goatse Security, who claimed they were only trying to expose flaws on AT&T's side, exploited holes in AT&T servers to siphon off personal info of around 114,000 customers.

Among the possible victims were celebrities, business executives and government officials, including New York City Mayor Michael Bloomberg.

When that amount of data goes missing, it's always going to be bad for the company on the wrong end of the breach.

What made matters worse was the murkiness that surrounded the aftermath.

Daniel Spitler and Andrew Auernheimer were arrested in January, but Auernheimer, who claimed to have only publicised the flaws rather than exploit them, had already been apprehended in 2010 on drug charges.

There was plenty of back and forth between Goatse and investigators, with Auernheimer claiming his civil liberties had been "grossly violated." The Goatse member said the authorities had treated him unfairly and had even denied him a public defence lawyer.

The defendants were eventually each charged with one count of fraud and one count of conspiracy to access a computer without authorisation.

Whatever happens to the two young men, for everyone involved, the breach was one mightily unpleasant event.

4. RSA recent, mention Kaspersky

It's always bad when a security company gets hit by a cyber attack, but when it threatens the effectiveness of one of their products, then it becomes all the more humiliating.

We saw last year the impact a hack on a Kaspersky website had. In that case, hackers exploited a vulnerability in a third-party app used for website admin.

Just last month, though, a much more serious hack led to a rather significant data breach. When RSA, the security arm of EMC, had its servers hacked, data on its two-factor authentication product SecurID was compromised.

The firm admitted the data could have been used to "reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," and RSA urged customers to take immediate remedial action.

But RSA will need to take its own remedial action, something that could cost the company plenty of money and time.

There are a number of questions still hanging over the breach, like how many, if any, tokens will need to be replaced?

As with many breaches, this one could turn out to be worse than initially feared. For RSA's sake, and for its customers, let's hope not.

3. HBGary vs. Anonymous

Another security company, HBGary, was hounded by hacktivist group Anonymous and ended up looking fairly red in the face.

It all started when HBGary started going after Anonymous and tried to uncover who was running the show. When chief executive (CEO) Aaron Barr, who eventually left the firm, said he had information on those in the upper echelons of the activist organisation, Anonymous went after HBGary.

It was when Anonymous started leaking tens of thousands of emails from the firm that the embarrassment levels went up a notch. No one likes to see their dirty laundry aired in public, but that's what happened.

Details emerged on how HBGary worked with Government bodies in the US, showing how they had created malware and rootkits. Nothing truly awful emerged, but it was bad enough that the firm had its private conversations revealed to the world.

Anonymous also defaced HBGary's website and gained control over Rootkit.com, a site launched by HBGary founder Greg Hoglund, just to add to the security firm's woes.

Anyone going after Anonymous will want to ensure their security is really up to scratch, or they could suffer like HBGary has.
