What happened:
CyberNews journalists (aka cybersecurity experts) hacked 27,944 printers around the world and sent a quick information security guide to print. The pranksters used Internet of Things search engines such as Shodan and Censys to search for devices with open ports and an Internet connection. To print the documents, they wrote a special script.
Who is to blame:
The gamble was successful because the captured printers were not hidden from public access. For example, printers had default passwords, no firewall was enabled, wireless connections to the router were allowed, and so on. The authors of the experiment claim that the most vulnerable devices are in the United States, China, Hong Kong, Germany, and France.
 
What happened:
39 million records about US citizens featuring names, home and email addresses, phone numbers, and zip codes were found in an open database on an Amazon Web Services server. The database belongs to the View Media marketing company, which provides digital services and, in particular, organizes advertising newsletters. Besides email addresses, the open access also covered emails, advertising flyers, and banners.
Who is to blame:
It's just what we are used to seeing... the database owners neglected the privacy settings, so anyone could access it.
 
What happened:
British construction company Amber Windows distinguished itself significantly. The organization (as it goes) inadvertently leaked information about 500 thousand customers. The database comprised extremely sensitive personal information such as health and marital status.
Who is to blame:
The reason for the leak is trivial: they stored the database with no password. Both the media and the community of information security experts who pointed out the vulnerability were outraged that the company did not notify the victims of the incident, did not report the leak to regulators, and flatly refused to give public comments on the topic. It is unlikely, though, that the company will be able to elude the GDPR sanctions.
What happened:
A woman in need of urgent care died as a result of a hack on Düsseldorf University Hospital's computer systems. The woman was sent to the nearby city of Wuppertal, which is 32 km away. The time for rescue was lost, and the patient died.
Who is to blame:
Attackers took advantage of a vulnerability in "widely used commercial software". During the attack, the hospital's servers broke down. As a result, the staff was forced to cancel all planned operations, and patients in need of urgent care were sent to other hospitals. The media write that this is the first time in history that a cyber attack has led to a fatality.

What happened:
Shopify, a Canadian developer of online shopping platforms, collaborated with the FBI and other law enforcement agencies to investigate the leak after discovering unauthorized access to user data. It is assumed that the incident affected customers of 200 stores.
Who is to blame:
The company is confident that the leak was caused by unscrupulous insiders: two employees from the technical support department who tried to steal customers' transaction data from sellers. Attackers could gain access to email addresses, names, residential addresses, as well as information about orders. Luckily, bank card details and other financial information were not exposed.
What happened:
BuzzFeed News journalists published a high-profile investigation based on 2,100 reports from 2000-2017 that leaked from the US Treasury's financial crimes unit (FinCEN). The investigation showcases multimillion-dollar money laundering schemes involving major banks (such as Bank of America, Deutsche Bank), well-known politicians, and businessmen.
Who is to blame:
The documents were passed to the media by a FinCEN employee. Information security experts say that this leak proves the inadequacy of internal threat protection in the public sector. At the same time, the breach casts a huge shadow on the reputation of organizations and individuals who were included in the reports. Humpf... the public sector stores huge amounts of vulnerable information.

Learning from other people's mistakes is a truism that almost no one follows. But in the fall, when new knowledge is absorbed best, it would be a great idea to conduct an information security education program for your employees. And then...check their understanding via SearchInform DLP.