This document summarizes data breach incidents from 2013. It reports that there were 2,164 data breach incidents in 2013, resulting in over 822 million records being stolen. The largest breaches exposed over 100 million records each. Most breaches were caused by hacking from external sources, with the top causes being malware, stolen computers, and exploitation of vulnerabilities. The largest breaches of 2013 compromised personal information like names, email addresses, passwords, credit cards, and social security numbers from major companies and government agencies. The document emphasizes that data breaches are increasingly common and that all organizations are at risk of being hacked.

1. YEAR OF THE
BREACH
@appnetsecurity
linkedin.com/in/mprerad
mprerad@gmail.com

2. 1993.

3. 1993.
2013.

4. 2164
Data breach
incidents

5. 2164
Data breach
incidents
60% HACKING

6. 2164
Data breach
incidents
60% HACKING
71.2% EXTERNAL

7. 2164
Data breach
incidents
60% HACKING
71.2% EXTERNAL
822 MILLION
DATA RECORDS STOLEN IN 2013

8. THAT‘S ABOUT
1/9
OF WORLD
POPULATION
IN 2013 ONLY

9. 96.8%
of all exposed records involved
outside the organization activity

10. 540+ MILLION
OF RECORDS EXPOSED
NEARLY
1/2
OF INCIDENTS
66.5%
of ALL exposed records

11. 369 million
exposed records

12. TOP 5 BREACHES OF 2013

13. “ There are only two types of companies:
those that have
been hacked
and those that will
be hacked.”
Robert S. Mueller, III
Director, FBI

14. LARGEST
DATA BREACHES
OF 2013

15. Biggest breach in history
152+ MILLION
username + hash password combo
2.8+ MILLION
credit card information
+ source code leak

16. 110+ MILLION
RECORDS EXPOSED
70+ MILLION
NAMES, EMAILS, PHONES
40+ MILLION
CREDIT/DEBIT CARDS

17. 58+ MILLION
names, encrypted passwords, emails

18. 54 MILLION
ID‘s, addresses, names
“in two hours hackers downloaded all the information.”
70%
of whole Turkish
population
Hacked system (for Database and
website Management) didn’t have
ANY security product installed.

19. 50+ MILLION
names, encrypted passwords, emails

20. 50+ MILLION
names, encrypted passwords, emails, date of birth
Good Job: credit card info stored on separate system
Bad Job: SHA1 hashing algorithm used – low protection

21. 42 MILLION
name, encrypted password, emails, birthday
* 56 Homeland Security Dept. employees

22. 22 MILLION
user ID‘s (login), no passwords stolen
No real big value, except possible SPAM
or selling database of emails

23. 20+ MILLION
emails, physical address, phones
* data stolen from hotel reservations

24. 6 MILLION
email and/or phone number
Bug in DYI (Download Your Information) feature
Allowed downloading contacts from friends
Facebook keeping it as small story as
possible outcome is companies
blocking access to FB from work again

25. 4.6 MILLION
Usernames and phone numbers
Announced on 31st December, soon after
declining Facebook offer. Coincidence?

26. 4+ MILLION
username and password combo
No credit card data stolen, stated by Groupon Taiwan

27. 2nd largest HIPAA
breach ever reported to HHS
4+ MILLION
names, addresses, social security number, date of birth
How? 4 unencrypted computers were stolen from HQ

28. 2.4 MILLION
social security numbers, bank accounts, drivers licenses.
Waited 7 months to notify affected persons!

29. 2.4 MILLION
full credit card details
Started by infecting PC‘s with Malware!
It will cost Schnucks several millions of $$$

30. 2 MILLION
names, addresses, ID‘s, bank details, phone numbers
INSIDER INTRUSION!

31. „PONY“ BOTNET ATTACK
2+ MILLION
username, passwords
318.121
70.532
59.549
21.708
Keystroke logging used

32. 1.82 MILLION
username, password, email

33. by exploiting Adobe’s ColdFusion app server
1 MILLION
drivers license numbers, names
160.000
social security numbers

34. 1+ MILLION
usernames, emails, hashed passwords
Infected through 3rd party software

35. 860.000+
usernames, emails, hashed passwords
Zero Day Remote Code Execution
“We found a critical vulnerability in
all vBulletin versions 4.x.x and 5.х.x. and
have successfully uploaded our shell on
the official vBulletin server and dumped
their database after getting root access. ”

36. Critical breach!
850.000
credit card numbers, expiry dates and
associated names and addresses
241.000
high or no-limit American Express
including Fortune 500 CEOs and A-list celebrities

37. 465.000
unknown portion of data
Data of card holders leaked through
temporay unencrypted log file

38. 300.000
names, email addresses, passwords, phone numbers
Hackers tried to BLACKMAIL company
asking for $50.000 for stolen data

39. 250.000
usernames, emails, passwords

40. 100.000+
usernames, emails, addresses
Researcher hack, not real threat

41. BUT...

42. 1 EVENT
BECAME
HISTORY

45. ...AND 1 BECAME FUNNIEST 
* Anonymous hacked North Korean websites, twitter, flickr...

46. 1 HACKER GROUP
WAS VERY ACTIVE

47. Hacked by Syrian Electronic Army

48. Let me remind you of...
Biggest incidents in 2011/2012

49. 2.5 BILLION
TOTAL NUMBER OF
STOLEN RECORDS
* in history

50. THAT‘S ABOUT POPULATION OF
+
India
China

51. SEE WORLD‘S BIGGEST DATA BREACHES
VISUALIZED
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

52. HAVE YOU
BEEN HACKED
???

53. Mihajlo Prerad
slideshare.net/mprerad
@appnetsecurity
linkedin.com/in/mprerad
mprerad@gmail.com

54. Thank You!