The New Year is barely a couple of weeks old and already we’re seeing some brazen and possibly huge data breaches. Fans of the Huffington Post were greeted a couple of days ago with a Twitter message from the Post that said simply “Sorry about that, Twitterverse! We know we’ve been hacked and are working to resolve the issue as quickly as possible.” Seems like someone managed to hack into their Twitter account and post a bunch of offensive messages.

And while that probably wouldn’t make the list of the Top Hacks Ever, the recent Zappos hack just might. Zappos is the online shoe and clothing store now owned by Amazon.com. The firm recently confirmed that hackers may have gained access to the accounts of more than 24 million of its customers. The company does point out that credit or debit cards were not exposed, but the hackers were able to steal Zappos’ customer names, e-mail addresses, addresses, phone numbers, and the last four digits of credit card numbers.

And that’s more than enough to commit massive identity fraud, because while it’s easy to change a password, it’s not so easy for 24 million consumers to change their names, address, and phone numbers. Hardly surprising that Zappos was so overwhelmed by calls from worried customers that it announced it would no longer be taking phone calls; instead, customers would have to email their questions. But most disappointing was the fact that I could find absolutely no mention of the attack anywhere on the company’s web site.

And 2011 was not a good year for data breaches, unless of course you were a hacker. The non-profit Identity Theft Resource Center (ITRC), which has been tracking data breaches for years, recorded more than 400 data breaches in 2011 that exposed more than 22 million personal records. Perhaps most troubling is the fact that more than 80% of these breaches include the exposure of Social Security numbers.

And as I’m always fond of saying, this number just reflects reported breaches – breaches that were uncovered and reported by the victim organizations. The total number of breaches – including those that were either discovered but not reported or just never discovered – may never be known.

No related posts.