As 2017 is quickly coming to an end, it’s time for all the “best of” lists to come out along with the “worst” lists.
The technology world is no different. Santa has been keeping track of all of those on his naughty list and hackers seem to be at the top!
We won’t soon forget about the Russian hackers who were accused of infiltrating the 2016 presidential election. The U.S. intelligence community confirms Russia did hack at least 21 states last year but the total impact is still unclear.
TOP HACKS OF 2017
Months later in 2017, two of the biggest global hacks infected computers: the WannaCry and NotPetya malware. WannaCry spread through the U.K.’s National Health Service and NotPetya took down most of the Ukraine’s national government.
Plenty of other hacks happened in 2017, as well. While maybe not as big as some of these others, they certainly did a lot of damage.
1 - Aviva
Security intelligence group RedLock claims hackers were penetrating the cloud servers of companies like Aviva to use the resources to mine bitcoins. This is obviously different than a typical data breach. Bitcoin is an electricity-intensive process. Other websites were using computer resources to mine for other cryptocurrencies, including The Pirate Bay.
2 - Equifax
Even if you’re not familiar with some of these other data breaches, you probably heard of the one impacting one of the largest credit agencies in the world — Equifax. The company was the victim of one of the biggest hacks in 2017 with at least 143 million people impacted in the U.S. with nearly 700,000 in the U.K. Hackers were able to access information such as birth dates, addresses, Social Security and credit card numbers.
3 - Imgur
Image-sharing site Imgur didn’t find out about hackers permeating their website with malware for a few years. They learned this year that 1.7 million email addresses and passwords were intercepted in a 2014 data breach.
Imgur is still investigating the hack but believes it was as a result of a password encryption system that was in use at the time.
In a statement, Imgur said, “We take the protection of your information very seriously and will be conducting an internal security review of our systems and processes. We apologize that this breach occurred and the inconvenience it has caused to you.”
4 - ISIS
I’m sure you’re familiar with the name ISIS. The so-called Islamic State website was hacked earlier this year, revealing details about its nearly 2,000 subscribers. A Muslim hacktivist collective hacked the Amaq website that’s used to publicize the terrorist organization’s activities.
5 - Russian hacking
Getting back to the Russian hacking and even Brexit. Neither one has left the headlines in 2017. What’s new is that the FBI failed to notify top U.S. experts who were subject to these hacking attempts about the threats.
Out of the 80 Americans targeted by the Russian hacking group Fancy Bear, the Associated Press reports the FBI only notified two of the policymakers. Fancy Bear was behind the Democratic National Convention hacks.
The FBI won’t comment on the investigation but said, “The FBI routinely notifies individuals and organizations of potential threat information.”
The investigation is expected to continue well into 2018 and beyond.
6 - Uber
Ride-sharing service Uber first revealed it was subject to a massive data breach in 2016. Two people hacked the user data stored in a third-party cloud service. They were able to access information of 50 million Uber riders as well as 7 million drivers around the world. Uber tried to cover it up by offering the hackers $100,000 to keep quiet about the information.
What the governments are doing
Governments, obviously, want to put a stop to hackers. In Europe, the General Data Protection Regulation (GDPR) plans to take aggressive measures in 2018 that will target companies for not protecting customer data.
The U.K. government has introduced the Data Protection Bill, which will put these regulations into law. Companies will be liable for fines if they fail to comply.
The Australian government is introducing a similar law next year that would fine firms if they are negligent in notifying customers when they’re hacked.