Data continues to come out about this November 24 Sony breach. In early December, hackers leaked five unreleased movies online and some employees’ Social Security numbers. The security firm Identity Finder found the hack exposed over 47,000 Social Security numbers, including over 15,000 current or former employees. In addition, these numbers appeared more than 1.1 million times on 601 publicly-posted files stolen by hackers. A significant number of files containing the Social Security numbers were accompanied by other personal information, such as full names, dates of birth and home addresses, increasing the chances of identity fraud.
Yahoo news reports that EU holds largest-ever cyber-security exercise.
ATHENS, Greece (AP) — The European Union on Thursday carried out its biggest exercise to prevent cyber-attacks on Europe’s public utilities and communications networks.
The director of the European Network and Information Security Agency, Udo Helmbrecht, told The Associated Press that Thursday’s one-day exercise involving 29 countries and 200 agencies dealt with attack scenarios against “critical infrastructure.”
Helmbrecht said European countries were working to improve their coordination between national security agencies and to further standardize protective software and methods.
Examples of serious past incidents, he said, include a wave of cyber-attacks against Estonia in 2007 that severely affected the country’s banks and government agencies, and the Stuxnet computer virus that was used to target energy and industrial sites in Iran.
“Now this malware is out in the world, so if you are a criminal you can re-engineer it and use it to attack a water supply, or a car manufacturing plant, or a government,” said Helmbrecht, speaking in a windowless office in an EU building where part of the exercise is being held.
The EU agency, based in Iraklio, on the Greek island of Crete, says web-based attacks increased globally by nearly a quarter in 2013 from a year earlier, directed from an increasing number of countries.
“The sophistication and volume of cyber-attacks are increasing every day,” Neelie Kroes, the EU Commission vice president, said in a statement Thursday.
“They cannot be countered if individual states work alone or just a handful of them act together.”
The European cyber-security exercise is held every two years and the results of the current safety tests are due to be issued by the end of the year.
JP Morgan Chase, the largest bank of the US in terms of assets, acknowledged a massive data breach that affected 76 million households and 7 million small businesses. The bank disclosed the extent of the breach in a filing in early October with the Securities and Exchange Commission. The bank reported no unusual customer fraud had resulted from this breach. Hackers obtained personal information such as customer names, addresses, phone numbers and email addresses. However, JP Morgan Chase said that sensitive bank information–account numbers, passwords, social security numbers and birthdates–were not part of the breach. The breach occurred in June and July, and affected customers that used Chase web and mobile services.