Cyber Breaches in Different Companies - Term Paper Example

Cyber Breaches in Different Companies No: Table of Contents Executive Summary 3 Zendesk Breach 6 Booz Allen Hamilton 2011 7 Vacationland 2011 8 Citigroup 2011 9 Fidelity National 2011 9 Wyndham Hotels 2012 10 References 13 Executive Summary Companies operating internationally as well as nationally require authentic cyber security measures to ensure security of their customers’ records and money. Hackers try to breach the security of companies to access this crucial information to use it illegally for their own interests. AT&T underwent a cyber breach in 2010 affecting one hundred and fourteen thousand accounts. A cyber security breach affected nearly forty three thousand to fifty five thousand customers of Bartell Hotels in 2014. Zendesk suffered a cyber security breach in 2013 that affected its three consumers, Tumblr, Pinterest and Twitter. The hackers attacking Booz Allen Hamilton in 2011 targeted ninety thousand military email addresses and passwords. The company, Vacationland Vendors Inc. underwent a cyber breach that affected nearly forty thousand people in 2011. Citigroup Inc. suffered a cyber security breach that affected three sixty thousand and eighty three ‘North American credit card accounts’ in 2011. Fidelity National Information Services Inc. underwent a security breach when the hackers were able to draw thirteen million dollars from ATM machines in six countries just in a day in 2011. The chain of Wyndham Hotels underwent a security breach in 2012 in which, the hackers were able to gain personal information about six hundred thousand customers visiting Wyndham Worldwide Hotels. Introduction With advancement in technology, hacking technology has also advanced. The companies manage accounts of their consumers online or on secure databases containing detailed information of consumers. This information requires to be kept private so that it cannot be used illegally. However, hackers try to breach the security of companies to access this crucial information to use it illegally for their own interests. With the breach of security, companies themselves lose financially as well as in terms of reputation and market positioning but also, their customers suffer at the hands of cyber criminals who not only use their personal information, but also steal their money. Companies are required to use extremely secure and authentic software programs to ensure the security of customers and their personal information to ensure their trust in their services and products in the short term as well as in the long term. The cyber breaches in cases in eight different companies in the last four years that are ATT/IPAD 2010, Bartell Hotels 2014, Zendesk Breach 2013, Booz Allen Hamilton 2011, Vacationland 2011, Citigroup 2011, Fidelity National 2011 and Wyndham Hotels 2012 are analyzed in this paper to check how the criminals breached their security, what were the losses and what steps they took legally to control the security breach. ATT/IPAD 2010 AT&T is an American multinational Telecommunications Corporation and one of the largest mobile cell phone companies. In the year 2010, the case regarding the cyber breach known as ATT/IPAD 2010 came to the forefront informing that there was a security breach. In this cyber breach, a huge number of email addresses including ‘private identification numbers known as ICC-ID’ of iPad 3G owners were publicized by hacking AT&T’s website (Bilton, 2010). The security group that was blamed for the breach was known as Goatse Security and with this hacking activity, more than one hundred and fourteen thousand email addresses were revealed. With this breach, the log in processes of users worked faster. The hackers gained kowledge about private information of customers of AT&T iPad. The hackers not only gathered the email addresses, but also employed them for their own advertising. However, this blame was rejected by Goatse Security and they stated that email addresses were available to everyone on the internet and there was no hacking done by the company (Bilton, 2010). Dorothy Attwood, the senior Vice President reported that a software code was generated in order to copy the serial numbers of AT&T SIM card for iPad, which are known as ICC-ID and with this code generation, the verification page log in screen was obtained by the hackers with the support of which, they gained email addresses of users. The hacking attack was restricted to the obtainment of emails and they were unable to access ‘AT&T communications or data networks’, ‘iPads’ or any other services. The content of email addresses or any personal information about the consumers of AT&T was not at risk (Bilton, 2010). Legal actions were taken in terms of investigation of unauthorized system access and prosecution of violators and further promise about the security and privacy of customers was done in order to maintain the trust in the services and devices (Bilton, 2010). Auernheimer, one of the conspirators and hackers of the cyber breach be longing to Goatse Security involved in hacking AT&T customer accounts was convicted and imprisoned for five years with a fine of two fifty thousand dollars for act of digital civil disobedience (Freed, 2012). Bartell Hotels 2014 A cyber security breach affected the customers of Bartell Hotels. Bartell Hotels is a chain of seven hotels and three marinas making it a large chain. The management reports about a security breach in five of its hotels between February 16 and May 13, 2014 according to which, the debit and credit card details like owner names, card numbers and expiry details were hacked. However, after this time, the management reports that security breach is controlled (Hospitality Business News, 2014). The customers who have used the services of five of the hotels that are “Best Western Plus Island Palms Hotel & Marina; The Dana on Mission Bay; Humphreys Half Moon Inn & Suites; Pacific Terrace Hotel; and the Days Hotel – Hotel Circle” are asked to check their card details during the breach days. ‘Independent data forensic experts’ were called for investigation. The potential customers that were expected to be affected were between forty three thousand and fifty five thousand. According to forensic details, only payment card details were compromised. Credit card brands of the customers and law enforcement institutions were information about this unauthorized access. The third party intruder has gained the information through unauthorized means (Hospitality Business News, 2014). Zendesk Breach 2013 Zendesk suffered a cyber security breach that may have affected its three consumers that are Tumblr, Pinterest and Twitter. Zendesk outsources its services and is a major customer service software provider. The hackers breached their system and accessed the details of three mentioned accounts. The access point had been created by the hacker, but after gaining knowledge of the unauthorized access, the access point was closed (Honan, 2013). According to the held investigation, the information that the hackers gained were the support information, email addresses, contact information and subject lines of messages. After knowing about the cyber security breach, all the three consumers, Twitter, Tumblr and Pinterest contacted their customers and instructed them to remain vigilant of any strange emails and privacy of passwords. The hackers downloaded customer’s information, email address and contact details (Honan, 2013). The legal actions that are possible on this hacking activity are imprisonment of the attackers if they misuse the email addresses and other personal information. Zendesk is a big industry accommodating many others big names. Booz Allen Hamilton 2011 Booz Allen Hamilton, a big American governmental consultancy firm, which underwent a cyber security breach by a ‘group of hacktivit computer savvy attackers’ who have also targeted and hacked the security of many big firms. The hackers targeted ninety thousand military email addresses and passwords kept by Booz Allen Hamilton. The company turned from a private company to a public one in the year 2010. The hackers opposed Booz Allen Hamilton for their participation with government in their ‘fight against terrorism’ (The Economist, 2011). The company had people from CIA, cyber security and national intelligence. The company was itself responsible for maintaining and offer solutions to other major companies to control of their security. However, its servers, databases and algorithms for encryption of data were not secure and managed by the administration due to which, the hackers were able to insert malicious code and they claimed that there were no security measures to stop them from entering the information databases. The company faced loss of reputation in the long term because it was considered supporting other organizations to gain skills for the Cyber age and its own cyber security got breached. In the short term results of the cyber breach, the market share of the company fell down (The Economist, 2011). The company offered services regarding cyber security management to other companies and with its own cyber security breach, it not only lost monetarily but also in terms of its reputation. The company also consulted for enactment of legislations and reforms but on its own cyber security breach, it required the services of law enforcement institutions (The Economist, 2011). Vacationland 2011 Vacationland Vendors, Inc. located in Wisconsin is a major vending machines and games provider to entertainment venues. The company underwent a cyber breach that affected nearly forty thousand people who vacationed at waterpark resorts located in Wisconsin and Tennessee from December 2008 to May 2011. The hackers that were third party intruders got into the point of sale systems of the company that were employed to process ‘payment-card transactions’ at Wilderness resorts and this security breach affected around forty thousand people as per a report. The hackers obtained credit card and debit card information through improper means. The company denied the presence of any security flaws that could cause the security breach, but they claimed that hackers of similar kind breached security of other places as well for obtainment of crucial information (Vijayan, 2011). The company asked the visitors visiting the resort locations to look for any suspicious activity in their credit or debit card transactions. The company also asked the credit cards firms to issue a fraud alert for the users. Malicious software programs had been used for gaining payment information from point of sale systems. The point of sale terminals connects the payments cards with the bank with all the necessary information that a bank requires about consumers and hacking of such systems exposes all the crucial information due to which, the affected people suffer monetary loss (Vijayan, 2011). Legal actions for these fraudulent attainments of payment information and later on using this information for withdrawal of payment should be severe and investigative actions were there. People visiting the resorts were notified to take some specific regulatory actions to ensure their own security including their monetary security (Vijayan, 2011). Citigroup 2011 Citigroup Inc. is a multinational banking and financial services company in America. The bank is regarded to be the third largest bank in America. It suffered a cyber security breach that affected three sixty thousand and eighty three ‘North American credit card accounts’. Of the affected account holders, 217, 657 account holders were provided with new cards while the remaining accounts were kept inactive and they were also issued new cards along with notifications about the security breach (Aspan, 2011). One percent of the total account holders belonging to the North American accounts were claimed to be affected because of the breach. The bank in total had nearly twenty one million customers as per the bank’s annual report in the year 2011. The bank was able to capture the security breach within seven days of the actual unauthorized access. The breach occurred somewhere around 24 May while the administration initiated informing the account holders on 3 June not before that. After being attacked by hackers in terms of security loss, other banks started replacing their consumer electronic keys to access their accounts. According to company officials, the hackers not only gain monetary information but also contact details so that they can be further used for advertising and other purposes (Aspan, 2011). The security measures that the banks have implemented need to be monitored and new controls are required to be installed to ensure better security to avoid any further cyber security hacking threat. Fidelity National 2011 Fidelity National Information Services Inc. provides banking and payments technologies internationally and is quite a large service provider. The company underwent a security breach when the hackers were able to draw thirteen million dollars from ATM machines in six countries. The total amount of thirteen million dollars were stolen in a day due to which, the breach is regarded among the greatest ones. The company processes prepaid debit cards and the hackers by breaking into the network of Fidelity National Information Services accessed illegally the database of company, which contained debit card records of the customers of the company. The amount that a card holder was able to draw within a day was restricted to a certain amount to be secure from any fraudulent activity. In addition, the card users have to reload their cards once they reached a restricted minimum balance (Liebowitz, 2011). The hackers of secure information were clever enough as they got hold of twenty two debit cards that were authoritative, removed their limit for drawing money and prepared copies of cards. Afterwards, the copies of debit cards were sent to co-partners of the crime in six different countries that were ‘Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom’. On reaching the low restricted limit of debit cards, the cards were reloaded remotely by fraudulent hacking. On March 5, 2011, the hackers used ATM machines for withdrawing money. The scam ended in a day with hackers’ success at attaining a filthy amount (Liebowitz, 2011). As soon as the company became aware of the scam, the money was already stolen and its reputation suffered a lot in the long run. The company showed weakness in taking security measures, regulatory concerns and risk management and all these were to be improved by the company to avoid further damage. As it was a scam, strict legal action and investigations should follow (Liebowitz, 2011). Wyndham Hotels 2012 Wyndham Hotels is a group of chain of hotels and resorts operating internationally in various countries. The chain underwent a security breach in which, the hackers were able to gain personal information about six hundred thousand customers visiting Wyndham Worldwide Hotels due to which, the administration has to suffer a loss of 10.6 million dollars in the lieu of fraudulent charges (Timberg, 2012). Federal Trade Commission (FTC) had sued Wyndham Hotels for inadequate security measures, shortcomings in security functionalities, inefficient firewalls and password systems and configured software programs to keep customer information protected. The chain also suffered security breaches previously and in spite of the previous security breaches, the chain was unable to apply adequate security precautionary measures to keep criminals away from customers’ information. The passwords and usernames were not secure and all the employees used alike names for getting customer data due to which, hackers faced no issue in getting into the customer database. FTC also accused Wyndham hotels to keep up to the standards required for cyber security and adhering to the policies of consumer information protection. Carelessness and ignorance of necessary security based actions allowed hackers to breach the security of the chain and damage personal information of consumers and also make them suffer monetary losses (Timberg, 2012). The cyber theft or breach of security becomes possible not only because of expertise of the hackers, but also some of the drawbacks or weaknesses in the security of the company websites or information databases. The companies should take precautionary measures and their risk management should be more optimized. Wyndham Hotels suffered security breach, not once, but three times and considering this, it is quite clear that the Hotel chain management did not take enough precautionary measures giving gap to hackers to extract private data of consumers. Conclusion Developing cyber technology introduced cyber crime. The data or information that was previously stored in rooms, files and cabinets is now kept in information databases that are capable of handling and managing a huge amount of data. These databases are prone to cyber security breach if not managed with extreme care. There should be authentication software programs, reliable passwords, precautionary security measures, cyber risk management and much more to ensure the security of customers. AT&T, Bartell Hotels, Zendesk, Booz Allen Hamilton, Vacationland Vendors Inc., Citigroup Inc., Fidelity National Information Services Inc. and Wyndham Hotels, all are big names that suffered at the hands of hackers who breached their security for gaining access to their customers’ information and payment records to get advantage of not only personal data of customers, but also their money that they obtained fraudulently. As far as legal actions are concerned, not all the companies were successful in taking proper legal actions against the criminals. Even, for many companies, still the hackers are unknown and inaccessible. This industry requires attention of law enforcement institutions and governmental cyber professionals so that the customers can build better trust in the companies to use their services as well as their products. References Aspan, M. (2011). Citi says 360,000 accounts hacked in May cyber attack. Reuters. Retrieved 28 September 2014, from http://www.reuters.com/article/2011/06/16/us-citigroup-hacking-idUSTRE75F17620110616 Bilton, N. (2010). AT&T Explains iPad Security Breach. The New York Times. Retrieved 28 September 2014, from http://bits.blogs.nytimes.com/2010/06/13/att-explains-ipad-security-breach/?_php=true&_type=blogs&_r=0 Freed, A. M. (2012). Hacker Convicted for 2010 Breach of AT&T iPad 3G Customer Data. Securitybistro.com. Retrieved 30 September 2014, from http://www.securitybistro.com/?p=3819 Honan, M. (2013). Zendesk Security Breach Affects Twitter, Tumblr and Pinterest. WIRED. Retrieved 28 September 2014, from http://www.wired.com/2013/02/twitter-tumblr-pinterest/ Hospitality Business News. (2014). Bartell Hotels Provides Public Notice of Data Security Breach. Hospitality Business News. Retrieved 28 September 2014, from http://hospitalitybusinessnews.com/20140919373/bartell-hotels-provides-public-notice-data-security-breach Liebowitz, M. (2011). How cyber crime gang stole $13 million in a day. msnbc.com. Retrieved 28 September 2014, from http://www.nbcnews.com/id/44291945/ns/technology_and_science-security/t/how-cyber-crime-gang-stole-million-day/#.VCrVNmeSxmM The Economist. (2011). Hackers strike at a foe. The Economist. Retrieved 28 September 2014, from http://www.economist.com/blogs/schumpeter/2011/07/security-breach-booz-allen-hamilton Timberg, C. (2012). FTC sues Wyndham Hotels over hacker breaches. Washington Post. Retrieved 28 September 2014, from http://www.washingtonpost.com/business/economy/2012/06/26/gJQATDUB5V_story.html Vijayan, J. (2011). Vending Machine Company announces major data breach. Computerworld. Retrieved 28 September 2014, from http://www.computerworld.com/article/2511078/cybercrime-hacking/vending-machine-company-announces-major-data-breach.html Read More