Last year wasn’t called “The Year of the Hack” for nothing. Companies lost untold sums of money because of cyber attacks. In 2012, businesses still face many online threats and continue to be exploited because of lax security measures.
Hackers targeted major companies including Sony, RSA Security, and Citigroup, but also governmental websites and smaller firms. Many companies could have prevented the attacks. Because of their vulnerabilities, they not only lost money, but also risked losing clients, prestige and market share. Multitudes of people were affected by their security breaches.
Recent reports showed hackers earned $12.5 billion in 2011, mainly by spamming, phishing, and online frauds. Some companies have made their financial losses public, while others chose not to disclose them. Here’s a top 5 of the declared losses caused by hackings from last year until present. Undeclared losses may even exceed these ones.
1. $171 million – Sony
Hacked in April to June 2011, Sony is by far the most famous recent security attack. After its Playstation network was shut down by LulzSec, Sony reportedly lost almost $171 million. The hack affected 77 million accounts and is still considered the worst gaming community data breach ever. Attackers stole valuable information: full names, logins, passwords, e-mails, home addresses, purchase history, and credit card numbers.
2. $2.7 million – Citigroup
Hacked in June 2011, Citigroup was not a difficult target for hackers. They exploited a basic online vulnerability and stole account information from 200,000 clients. Because of the hacking, Citigroup said it lost $2.7 million. Just a few months before the attack, the company was affected by another security breach. It started at Epsilon, an email marketing provider for 2,500 large companies including Citigroup. Specialists estimated that the Epsilon breach affected millions of people and produced an overall $4 billion loss.
3. $2 million – Stratfor
Last Christmas wasn’t so joyful for Stratfor Global Intelligence. Anonymous members hacked the US research group and published confidential information from 4,000 clients, threatening they could also give details about 90,000 credit card accounts. The hackers stated that Stratfor was “clueless…when it comes to database security”. According to the criminal complaint, the hack cost Stratfor $2 million.
4. $2 million – AT&T
The US carrier was hacked last year, but said no account information was exposed. They said they warned one million customers about the security breach. Money stolen from the hacked business accounts was used by a group related to Al Qaeda to fund terrorist attacks in Asia. According to reports, refunding costumers cost AT&T almost $2 million.
5. $1 million – Fidelity Investments, Scottrade, E*Trade, Charles Schwab
The most recent declared losses were in a brokerage scam. A Russian national was charged in the US with $1.4 million in computer and hacking crimes. $1 million was stolen from stock brokerages Fidelity Investments, Scottrade, E*Trade, and Charles Schwab. The rest of the money was taken from fraudulent tax refunds, with the stolen identities of more than 300 people.
These are just a few of the major hacking schemes that cost businesses money. Companies such as RSA Security, ESTsoft, Zappos, InfraGard, or Hyundai Capital didn’t disclose their financial losses. Though, figures regarding the people affected by security breaches speak to the gravity of each case.
The most impressive numbers come from last year. 40 million employee records were stolen in March 2011, after RSA Security was hacked. Another huge theft of information happened in the summer, when personal data of 35 million South Koreans was exposed after hackers breached the security of software provider ESTsoft.
Other interesting figures include this year’s Zappos hack, with 24 million accounts exposed. Because credit cards were not stolen, the shoe store’s attack wasn’t as damaging as it could have been.
This year’s hacking scandal was a medical breach. More than 181,000 Medicaid and Children’s Health Insurance Plan records, including 25,096 social security numbers were recently stolen from the Utah Department of Health. The group admitted millions of people may have been affected because some of the stolen files contained information on hundreds of individuals. Health data attacks had law firms eyeing the prospect of a windfall from lawsuits. If health groups are to be sued by all the people affected, costs could rise into the millions of dollars.
Some breaches targeted fewer individuals but damaged reputations. In 2011, Hyundai Capital admitted personal information on about 420,000 customers was leaked after a cyber attack. Also, FBI Partner InfraGard was hacked in June 2011, and 180 usernames and passwords were stolen.
Regardless of size or status, no business is safe from e-threats, unless it includes security as a top priority.