Equifax Breach (2017)
Published: 06 August 2021 Last Updated: 03 July 2023
In 2017 Equifax were breached; the breach was discovered on July 29[5] and an announcement was published on Sept 7.[5] It wasn’t the largest breach of all time, and not even of 2017, but it was big and the data was sensitive. Over the two weeks following the announcement, Equifax stock fell from 142.72 to 92.98 (34.58%).
With regard to large breaches, in the same year Yahoo “upgraded” their previous August 2013 breach to note that it was now believed to have affected all 3 billion accounts held on their systems. This figure was up from the originally reported 1 billion affected accounts.[1][2][3] Yahoo noted that the stolen user information may have included names, email addresses, telephone numbers, dates of birth, MD5 hashes of passwords and in some cases encrypted or unencrypted security questions and answers.[3]
British Airways Breach (2018)
Published: 06 August 2021 Last Updated: 03 July 2023
I wanted to talk a little bit about the British Airways breach; I won’t be focusing on the intention to fine from the ICO. I’ll just be talking a little about vulnerabilities, how they can be addressed, and the issues mitigations may bring. I’ll also be talking about a security incident that hit the ICO and how it was potentially very similar to what happened to British Airways.
TalkTalk Breach (2015)
Published: 19 October 2020 Last Updated: 03 July 2023
TalkTalk suffered a series of security issues in 2015. Right from the start of the year people were discussing an increased number of scam calls. On 26 February 2015 TalkTalk emailed customers to inform them of a data breach in which account numbers, addresses, and phone numbers were taken. The email detailed that a third-party contractor was believed to be responsible, and that TalkTalk was taking legal action against them. It was believed that “a few thousand” customers were affected.
On 10 August 2017, TalkTalk were fined again for failing to adequately protect personal data “because it allowed staff to have access to large quantities of customer’s data” which “left the data open to exploitation by rogue employees”.
Target Breach (2013)
Published: 19 October 2020 Last Updated: 03 July 2023
Target were breached in 2013. The story was initially broken by Brian Krebs in a post published on 18 December 2013 and titled “Sources: Target investigating Data Breach”. This was followed up by a statement from Target announcing the breach on 19 December. The Target confirmation stated the breach lasted between November 27 and December 15.
The breach was achieved through first compromising Target’s HVAC vendor, Fazio Mechanical. This was achieved through a phishing email which deployed malware which targeted credentials. These credentials were then used to access Target’s network.