As we look back on the data breaches of 2012, a familiar pattern emerges: a lack of compliance. Being compliant won't stop every data breach, but it is a logical starting point. Smart Data Collective has a good wrap-up of the largest breaches of 2012 and of where each organization fell short on compliance.
Here’s a review of the top 2012 data breaches within both the PCI and HIPAA compliant industries, and a quick analysis of what went wrong so you can easily learn from their lessons without accruing the associated costs and legalities.
3.8 Million Tax Records Stolen in Largest State Agency Attack
Both Social Security and credit card numbers were stolen from the South Carolina Department of Revenue by hackers in August. A phishing email enabled hackers to steal credentials from users and eventually steal 74 GB of encrypted and unencrypted data.
Lessons learned: Encryption is a requirement for all organizations (including federal) that store credit card data and therefore need to meet PCI DSS compliance standards. One step ahead of encryption is administrative security, including training staff on security issues, which can prevent users from clicking on phishing emails and allowing the initial breach to occur. Check with any third parties to ensure their staff is also properly trained.
You can read the complete story: PCI & HIPAA Data Breaches of 2012: Lessons Learned