Social media, credit reporting agencies, and the restaurant industry were all affected by breaches in 2018. Although 2018 saw fewer breaches than 2017, there were still 945 breaches that resulted in a total of 4.5 billion records being leaked in the first half of 2018 (6 Months, 945 Data Breach, 4.5 Billion Records). Along with the hacks and breaches of 2018, there was one regulation, the ‘GDPR’, that affected the security of organizations around the globe. Let’s first look at GDPR, and then at the important hacks and breaches that shaped 2018.
GDPR:
Data privacy has taken a serious hit, with cliche statements like “Data is the new oil” becoming common. The ‘GDPR’ (or ‘Global Data Protection Regulation’) was created in response to this. It went into effect on May 25, 2018. GDPR is designed to protect citizens of the EU from data breaches. It applies to businesses that operate in the EU, as well as organizations processing data of EU citizens.
“Data retention” (subjects decide how long their data will be kept on an organization’s servers)
“Right to Access” (subjects have the right to ask about how their data is processed. They can also request a copy of their data in electronic format for no cost.)
“Breach notification” (subjects have to be notified of a data breach within 72 hours of the breach)
“Right to be Forgotten” (subjects have the right to ask controllers to erase all data that relates to them)
The single most important regulation, ‘GDPR’, has redrawn many organizations’ security maps in 2018. It will continue to do so in the future. Organizations that fail to comply with GDPR will face severe penalties.
Let’s take a look at some of the most important breaches in 2018:
Facebook:
In 2018, the social media giant was hit with several security problems and was caught up in a security crisis. In May 2018, 14 million Facebook users inadvertently had their posts set to ‘public’ due to a security flaw. This bug was finally fixed on May 22nd 2018.
Facebook has over 2.2 billion users, and it is difficult to secure the entire Facebook landscape in this new age of digital social networking.
In September 2018, 50 million Facebook users’ personal information was exposed in another attack on the network. Software flaws in Facebook’s systems also exposed accounts of top executives such as Mark Zuckerberg, Sheryl Sandberg, and others.
Quora:
In December 2018, the popular question-and-answer portal was hit with a data breach that affected 100 million users. The breached data included their names, email addresses, encrypted passwords, and questions.
Quora users were immediately logged off and asked to log in again using a new password.
Twitter:
Twitter didn’t suffer a data breach, but it did log 330 million users out of their accounts in May 2018. This was because it suspected that passwords might have been stored in plain text on its servers.
Passwords stored on servers are ‘hashed’ so that they are not revealed directly. Twitter used the industry standard ‘bcrypt’ function to mask user passwords. Because of a bug, the passwords ended up “as is” in an internal log.
Twitter logged all users out and encouraged them to change their passwords.
Marriott hotels:
Marriott hotels reported in November 2018 that they too had been affected by a security breach. Starwood’s guest reservation system was hacked, and sensitive information including names, addresses and passport numbers, dates of birth, gender, and credit card information for approximately 500 million guests was exposed. Starwood includes Sheraton Hotels and Resorts as well as Le Meridien Hotels and Resorts and Westi.