DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The six worst data breaches of 2011

Posted on December 24, 2011 by Dissent

If you’re looking for the biggest breaches of the year in terms of numbers affected, you can find them over on DataLossDB.org or in others’ reviews. Certainly there were some really big breaches this year, but those were not necessarily the worst, in my opinion. So here’s my short list of the year’s worst breaches involving personally identifiable information. In chronological order:

1.  The  HBGary Federal hack. 

I don’t claim to be a security expert, but if you’re making the claim, then having your server successfully attacked and all your professional correspondence exposed on the web should be seriously embarrassing. Not only should HBGary Federal have been embarrassed, but the February attack also exposed – and brought into negative public light – a well-known law firm. From a public relations standpoint, this breach was an in-your-face and up-your-left nostril attack that should have put everyone on notice that both data security and the collective known as Anonymous needed to be taken more seriously.  In terms of immediate impact, after the firm’s  emails became public, the Chamber of Commerce and Bank of America cut all ties with HBGary.  Two other firms that had collaborated with them – Berico Technologies and Palantir – also cut ties with them.  By the end of the year, however, HBGary CEO Gary Hoglund said that the breach had actually helped their business. Good for them, but not so good for others, perhaps?

2. Texas Comptroller’s Office web exposure incident.

In April, Texas Comptroller Susan Combs reported that the personal information of 3.5 million people had been accidentally disclosed on the web for quite a while – including Social Security numbers, dates of birth and other personal information. No hack necessary to get a goldmine of information for identity theft.  Talk about shooting yourself in the foot…

3. The Arizona Department of Public Safety hack.

A hack by LulzSec in June also makes my list of worst breaches of the year. In a politically motivated attack that presaged other “AntiSec” or political attacks, the hackers released personal information on members of Arizona law enforcement and their families.  For the rest of  the year, releasing personal information on employees and their families became almost routine, despite the fact that the hackers occasionally recognized that calling the exposure of innocent uninvolved people “collateral damage” was not particularly acceptable to many members of the public.

4.  The stolen SAIC/TRICARE backup tapes. 

There were some massive health care sector breaches this year, but the SAIC breach was particularly bad for a few reasons.  Unencrypted backup tapes with medical data on 5.1 million members of the military and their dependents were left in an employee’s car for 8 hours and were stolen.  This was not the first time SAIC had unencrypted backup tapes stolen. In fact, it was the second time since 2010. Despite that and other breaches they have had in recent years, they continue to get huge government contracts.  Members of Congress have now asked why.

5.  Insurance Corporation of British Columbia insider breach.

There’s a lot we don’t know about this breach as yet, but it seems that an employee of the insurance company accessed and then disclosed information on 13 people who were later either shot at or were the victims of arson. Scarily, the employee also accessed information on 52 other people. Will they become victims, too? The RCMP are investigating, but this appears to be one of those breaches where there can be real and serious harm that has nothing to do with ID theft.

6.  Hemmelig.com hack.

Hackers downloaded the entire database of over 26,000 users of Hemmelig.com, a Norwegian site that includes the sex trade.  The downloaded material, which includes images and very personal messages, was dumped on the web.  It seems only a matter of time before we start seeing embarrassing revelations about public figures as well as private citizens.

So that’s my short list. Did I leave out your candidate for worst of the year? If so, what was it?

Related posts:

  • TRICARE discloses SAIC breach: stolen backup tapes held data on 4.9 million (updated)
  • Members of LulzSec Charged for Crimes Affecting Over One Million Victims; “Sabu” Turned on Fellow Hackers
  • The Worst Health Data Breaches in 2016
Category: Commentaries and AnalysesOf Note

Post navigation

← DARPA to start checking your email for threats
Melbournet IT fails to uphold security of its customers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.