Yet, another data security breaches of the Famous International Airways- The Cathay Pacific. Alas! This seems to have become a trend – yes we are talking about data security breaches and the frequency with which they are happening. Get up in the morn, switch on your TV, browse your favorite news channel, and in the highlights, you find fresh news related to a fresh data breach of big and famous multinational companies.
Alarmingly alarming! Yes indeed!
On October 24th, it was flash news that data related to Cathay Pacific Airways data had leaked. The news announced that some unknown hackers had got access to the details of the clients of Cathay Pacific, and the personal information of nearly 9.4 Million passengers was breached.
source: twitter
In its defense, Cathay Pacific said that initially, they did discover some suspicious activities in the network way back in March 2018 and started investigating it. In May 2018, they confirmed that a data breach had occurred and the personal information of passengers had been hacked.
After this incident, the airways informed about this huge data breach to the police. A thorough check took place, in which it was found that the personal data included information like passenger’ names, date of births, phone numbers, nationalities, email ids, addresses, passport details, identity numbers, travel histories, and the number of times they were contacted by the customer service. In the case of a frequent flyer, the membership details that he/ she had opted for – All these sensitive details of 9.4 million trusted passengers of the Cathay Pacific were leaked.
Further, Cathay Pacific made it clear that a total of 840,000 passport numbers were accessed, and 245,000 identity card numbers of the Hong Kong citizens were accessed. In addition to this, details related to 403 expired credit cards and 23 credit cards along with the CVV Numbers i.e. the card verification number had been leaked.
However, the company was clueless as to whether the data hacked was being misused. It is found that each passenger succumbed to a different kind of data breach, the combination of the data breach for every passenger was not the same. The IT system of the Cathay Pacific Airways was also affected, this was the reason why Cathay Pacific kept its flight operations far from it. Thus, this ensured no impact on the flight’s safety.
Cathay Pacific is still in the process of contacting the passengers who are affected by this data breach and has been explaining in detail that the account, though accessed completely by the hackers, none of the passwords were compromised on.
CEO of Cathay Pacific, Rupert Hogg, personally apologised to the affected people about the incident that took place. He assured the people that they have taken all preventive steps towards cybersecurity. They are working upon the issue with a leading security firm, to strengthen the security, He promised that nothing of this sort would take place in the future ever again.
Not only Cathay Pacific, few weeks before this incident, data of the British Airways also got leaked. Airways are not the only victims to these breaches. Various other social networking sites also faced these threatening data breaches. The recent data breach related to Facebook, where personal information pertaining to 50 million users got hacked, and password reset messages were sent to 90 million users.
Later on, another big news hit the screens – Alphabet shutting down Google+ in the near future, due to the recent data breach. Here, the information of 500,000 people was exposed, which was due to the vulnerability in the application.
After facing these many data security breaches, the first question that arises in the mind is, Are the people giving their important and personal information, so that it gets hacked? Obviously not! People should be more careful towards all the information they provide and have more security checks. Even while signing up, they should opt for all the security options. It is recommended to add your mail id and password manually, rather than inputting them automatically and include 2-3 security questions. These meticulous practices, will prevent such attacks to the personal information, to some extent at least.
Every morning, as soon as we wake up, we hear the alarming news about Data Security Breaches or the recent data breach that occurred or some MNC data that was breached or hacked. This is the scenario that occurs every second day. This causes a sense of insecurity in the minds of people and tends to scare them no end. People are now worried about the secured data that they provide in online media. People need to be extra cautious and extremely careful while providing their personal information and data in the digital platform.
What is data security breach?
Data Breach occurs when the personal data of a person gets accessed by some other person also known as a hacker. When the data of a person or an organisation geta accessed by these hackers without their knowledge, then the situation is referred to as data breach. The data which the hacker gets access to, is very sensitive and the personal information gets into the danger zone, when the hacker gets access to it. This threatening situation is possible in two different ways:
By the hacker personally accessing the computer or network of the user and stealing the sensitive data and files.
By the hacker, sitting at the comfort of his/her home and getting access to the target person’s computer data, or rather, by bypassing the network remotely and getting access to the desired data.
The second means i.e. by remotely having complete control over the data has become one of the most widely used techniques employed by the cyber hackers. This is one of the reasons for data breach – the data gets breached and the identity of the hackers is not known.
How data breach occur?
Below are some of the ways in which data breach occurs:
Background Research
The cyber hackers always carry out the background research and act accordingly. For any hacking to be a success, background research is mandatory. Importantly, the cyber hackers look for weaknesses or a weak link of the target person or the target company. When they find this weak link, they use it against the person or the company. In other ways, this is the strength that the cyber hackers get and they use this for data breaching.
Take Action
The cybercriminal slowly comes in contact with the users’ system or network and gains an upper hand on it. First, he/she tries to make a contact in the social media site of the user, then slowly digs into the details and gets full access to the user data. The time of the attack is not sudden, instead, it is very slow and he/she obtains the full data of the target user or the company.
Attack on Network or Social
When a hacker gets access to the company’s infrastructure, system, applications and also gets a hang of all the weakness of the company, he/she filtrates them to get access to the company completely. This is a network attack. On the other hand, social attack means tricking the employees of a particular organisation and getting all the data from him/her, like extracting information about- “How to get access to the organisation network?” This can lead to a situation wherein the employee is tricked and his/her user credentials are taken. They may even be asked to provide access to the attachments. This is a strategic malicious move, that can lead to a data breach in an indirect way.
Exfiltration
Once the hacker gets complete access to one system in the network of the organisation, he/she can easily attack the whole company’s software system and gather all the essential and confidential data. If the hacker gets all the data successfully without any hurdles, then the mission of the hacker is accomplished. The company’s data is hacked and the data breach is successful.
Few of the biggest data breaches of the decade:
Below mentioned companies faced some of the biggest data breaches of the era:
Yahoo Security Breach
In the year 2013, a lot of Yahoo accounts-approximately 3 billion were hacked. Yes, you heard it right – 3 billion Yahoo accounts were hacked. It is considered as the biggest data breach of this era. All the users, of Yahoo, were affected by this data breach. The reason behind this mishap, has not yet been found. The US government suspect Russia to be the hacker behind this breach.
eBay
On March 2014, around 145 million customers of eBay received an email to change the password or reset the password. The data breach usually includes encrypted passwords that connect directly to the personal information of the person. Like all other data breaches, the cybercriminals got access to the users to account through the stolen login credentials. The twist here is, the hackers didn’t gather the credentials from the users, whereas they got it from the employees of eBay. Thankfully, the payment option of the users was safe, as it was linked to PayPal, which needed an encrypted password for completing the transaction. So, the users were just asked to change their passwords.
Equifax Security Breach
The Credit Bureau, Equifax was breached in the year 2017, due to which 143 million Americans and many other people from different countries got affected. The unique identities of thousands of people were stolen. Data Breach in Equifax took place several months before it was announced publicly. Equifax had a vulnerable open source software “Apache Struts”, from where the hackers got easy access to the customers’ accounts.
Facebook
The recent data breach that took place was in September this year, when the world’s most used social media site, Facebook got hacked. Around 50 million Facebook accounts were hacked all over the world and 90 million people were sent emails for password resets. This was caused due to some technical glitches at Facebook’s end. Through this, hackers gained access to the private and confidential data of the users. The European Government has taken strict action against it, Facebook had to face the trial in the court and CEO of Facebook, Mark Zuckerberg had to be present in the court trials to testify himself.
Google+
The most recent one, on October 9th, Alphabet, announced that they are going to shut down Google+ soon. This was after the incidence of the data of 500,000 people being exposed. The reason here also was similar – the data got leaked because of the vulnerability in the application which made it easy to gain access for the hackers and the app developers to get into the personal data of the users and exploit it. The data actually was leaked earlier in March 2018, but it was reportedly leaked in October 2018. After a thorough check with the Google employees, it was found that the developers had no clue about it. Presently, all the user data is safe. Following this, a news came that the Google+ will soon be shut-down by Alphabet.
Social media outrages
All these kinds of data breach and the recent data breach that keep surfacing every now and then, make people worry about their valuable personal and sensitive information. People now are facing a big dilemma whether to feel secure with these digital sites or to avoid these sites.
October 16th morning-6:41 EDT: YouTube was down and the network was lost for almost two hours. Not only YouTube, Slack – a professional site for office usage got network Glitches on June 27th this year and lost its network for almost three hours, and people were not able to connect to their workplaces. Those three hours were said to be the most difficult time for the employees and the organisations.
What are all these things leading us to? Whether to believe social media or not? In my view, the data which is much sensitive and important should not be shared in any social platform. Instead, it should be kept at a place where the information would be safe. To secure your social media site, always use several options like double check while login, having security questions, connect to email and access only when scrupulously checked by you. These steps will help in making your information safe in the social media or in the digital platform.
