Friday, November 1, 2013

Software Data Breach Cyberattacks

Software Data Breach Cyber Attacks ---
also Attacks by Category | Terroristic Incidents

Reference

Ranked

  1. 60 million September 8, 2014 Home Depot Data Breach Could Be the Largest Yet
  2. 40 million Target, $1b cost

Timeline

Year 2016

August 18, 2016 alert FBI: Russian Hackers Breached Election-System Computers By Newsmax Wires | Monday, 29 Aug 2016 The FBI is investigating hacking attacks on at least two state election boards, one of which resulted in data being stolen, according to an alert from the agency’s cyber division.  "The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected," the agency warned in the alert issued on Aug. 18. The FBI alerted Arizona officials in June that Russian hackers were behind the assault on the election system in that state, The Washington Post reported Monday.

Year 2015

Year 2014

140,000 employees of Sony corporate network shut down Monday November 24, 2014  Sony Cyber Hack Shuts Down Network, Leaks Unreleased Movies Sony was hit by hackers on Nov. 24, resulting in a company wide computer shutdown and the leak of corporate information, including the multimillion-dollar pre-bonus salaries of executives and the Social Security numbers of rank-and-file employees. The corporate network was shut down, disabling e-mail and access to corporate data, and several movies, some yet to be released, were leaked for downloading. North Korea and Iran were  named by analysts as a likely culprit as similarities to attacks on South Korea were uncovered. Sony was still struggling to recover 8 days later.  NewYork Times Sony cancelled movie after 9/11 attacks were threatened against movie theaters. FBI identified North Korea as likely suspect


60 million September 8, 2014 Home Depot Data Breach Could Be the Largest Yet - Bits ... Home Depot confirmed on Monday that hackers had broken into its in-store payments systems, in what could be the largest known breach.. the total number of credit card numbers stolen at Home Depot could top 60 million. By comparison, the breach last year at Target, the largest known attack to date, affected 40 million cardholders. The breach may have affected any customer at Home Depot stores in the United States and Canada from April to early last week.. retailer operates 1,977 stores in the United States and 180 in Canada. That is about 400 more than Target had

25,000 workers August 6, 2014 USIS 2014 Cyberattack USIS announced it was hit by cyberattack that compromised the files of 25,000 Homeland Security workers. “Our internal IT security team recently identified an apparent external cyber-attack on USIS’ corporate network. Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack. The US government announced it will no longer renew contracts with USIS which was the largest background check provider of the U.S. government. USIS has also been slammed for vetting Aaron Alexis, the Washington Navy Yard shooter who killed 12 people, and Edward Snowden, the government contractor who leaked classified information on U.S. electronic surveillance.

Target ignored alarm that detected malware
http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

March 12, 2014 As part of its efforts to install malware on “millions” of computers worldwide, the National Security Agency impersonated Facebook to trick targets into downloading malicious code.
http://www.foxnews.com/tech/2014/03/12/nsa-pretended-to-be-facebook-in-its-effort-to-infect-millions-computers/

March 11, 2014 Seattle Catholic Archdiocese Data Breach Seattle Archdiocese and FBI investigate a data breach. A man who man volunteers at Holy Rosary School discovered other parents and volunteers at the campus had their taxes falsely filed. It appears that the database of background checks conducted by the church was compromised. Also a church attack.

March 10, 2014 Robbers Break Into Joel Osteen's Cash Vault Joel Osteen's Lakewood megachurch announced that thieves had stolen offerings from Saturday and Sunday from its secured vault sometime after Sunday afternoon, estimated at over $600,000. The offerings were insured, and there was no data breach, but there was credit card information and members should monitor their accounts. Many comments left on internet articles often supported the thieves and condemned Osteen and his church.

Pennsylvania company linked to Target data breach San Jose Mercury News‎ - 2/6/2014

North Country Hospital Acknowledges Another Data Breach eSecurity Planet ‎- 2/6/2014 WCAX reports that Vermont's North Country Hospital has received a regulatory citation from the Centers for Medicare and Medicaid Services (CMS) after two ...

2/5/2014  Data Breach at Rochester MN Hospital - Voice of Alexandria: State News (Rochester, MN) -- There has been a security breach ay Olmsted Medical Center in Rochester. A statement issued by Olmsted Medical Center says officials

Vermont Hospital Reports Second Breach in Four ... - Identity Theft 911 2/1/2014 - North Country Hospital in Newport, Vt., had its second data breach in four months after employees accessed patient medical records without proper .

Area Hospital Reports Possible Data Breach KWTX‑TV 2/4/2014 - A Central Texas hospital Tuesday reported a server breach that may have exposed information about more than 400000 former and current patients, employees .., this would be one of the largest healthcare data breaches ever reported, and the largest by an individual health system. The largest, according toUS Department of Health and Human Services data, involved 780,000 records in a 2012 incident at the Utah Department of Health and 475,000 records in a 2008 report from the Puerto Rico Department of Health

BRYAN (February 4, 2014) St. Joseph Health System Tuesday reported a server breach that may have exposed information about more than about 405,000 former and current patients, employees and the beneficiaries of some employees.

Texas Hospital Discloses Huge Breach - InformationWeek InformationWeek 2/4/2014 -St. Joseph Health System has confirmed a security breach affecting the records of up to 405,000 past and current patients, as well as employees and employees' beneficiaries.St. Joseph says it believed the attack occurred between Dec. 16 and 18, when one of its computer servers was hacked, and that the exposure ended on the 18th when the attack was discovered and the server was shut down

Credit card data breach targets Marriott, Sheraton, other hotels ... www.reuters.com 2/3/2014- (Reuters) - A credit card data breach has been detected that exposed guests at certain Marriott, Holiday Inn, Sheraton and other hotel properties to theft

Target traces data breach to credentials stolen from vendor - latimes ...Los Angeles Times Jan 29, 2014 - “We are committed to working to find not only the perpetrators of these sorts of data breaches but also any individuals and groups who exploit that data via credit ...

Analyst sees Target data breach costs topping $1 billion - TwinCities ...St. Paul Pioneer Press Jan 30, 2014 - Two months into the Target security breach, fraud is turning up on 10 percent to 15 percent of the stolen card accounts, a security specialist says.

Michaels Stores Is Investigating Data Breach - NYTimes.com The New York Times Jan 25, 2014 - SAN FRANCISCO — In what may be the latest in a continuing spate of cyberattacks on American retailers, Michaels Stores said Saturday 

January 20, 2014 Contractor Hacks Credit Cards of Half Of South Korea An IT contractor is arrested after he stole and sold credit card and social security details of 20 million, or nearly half of all 50 million South Koreans

Target data breach part of broader organized attack | ZDNet ZDNet Jan 17, 2014 - A confidential U.S. government report indicates that the Target data breaches were tied to a broader effort against retailers. New malicious software called ..

Target Data Breach Appears Broad, Sophisticated, Report Says ...The Wall Street Journal Jan 16, 2014 - The holiday data breach at Target appeared to be part of a broad and highly sophisticated hacking campaign against multiple retailers,

November 27, 2013 Target Data Breach Financial information of 40 million shoppers who swiped their cards at Target stores between Nov 27 and Dec 15 2013 was stolen, including not only magnetic stripe information but encrypted PIN data. Malware which bore evidence of origin from Russian hackers had been installed on terminal computers which searched memory for unencrypted data. Later investigation revealed 70 million customers may have had names, mailing addresses, phone and e-mail addresses stolen which is not contained on card stripes, but in corporate databases.

October 1, 2013 Chinese hackers crashed the Federal Election Commission’s website Oct. 1, the first day of the partial government shutdown, in “what may be the worst act of sabotage in [the FEC’s] 38-year history,” a non-partisan investigative journalism group reported. foxnews

Iran accused of hacking into US Navy computers | ITworld Sep 27, 2013 · Iran accused of hacking into US Navy computers US officials said the attacks hit an unclassified network, according to The Wall Street Journal

Iran's Teaching Hacking in High School | Micah D. Halpern  Aug 30, 2013 · Courses in computer hacking will be added to the senior high school curriculum in Iran. The announcement was made in mid-August, in order,



Anomymous Hacks New Nation News Website ...Feb 11, 2013 · Anonymous has struck again, this time blackmailing the webmaster of theNew Nation News website into closing the site down permanently. On the site's remaining page, the webmaster states "Due to terrorist criminal attacks and threats to myself, my family, friends and others, I am shutting down this forum".


e-Break-in at Carolinas Health compromises info of 5,600 patientsFierceHealthcare | December 12, 2012 Carolinas HealthCare System is notifying about 5,600 Carolinas Medical Center-Randolph patients that an unauthorized electronic intruder may have compromised their personal health information.

Boston teaching hospital fined $1.5M for data breach FierceHealthcare | September 19, 2012
A teaching hospital for Harvard Medical School and an associated medical practice have agreed to pay a $1.5 million fine in a breach of patient protected health information (PHI), the U.S. Department of Health & Human Services announced Monday
U of Miami Hospital suffers patient data breach FierceHealthcare | September 12, 2012 The personal information of University of Miami Hospital patients has been jeopardized after two former employees inappropriately accessed registration "face sheets" that contained names, addresses, dates of birth, insurance policy numbers and reasons for the visit.

EHR hackers encrypt files, demand ransom Few data breaches are as malicious or as in-your-face as a recent attack on Surgeons of Lake County, a small practice in Libertyville, Ill.Hackers gained access to a server that stored emails and electronic medical records. They encrypted and password-protected the files and then posted a ransom note on the server demanding payment in exchange for the password to unlock the files.The practice instead shut off the server and called police.

May 2012


http://www.washingtontimes.com/news/2012/jan/31/intelligence-chief-iran-russia-china-top-threat-us/?page=all an Iranian hacker, possibly state-sponsored, is widely thought to have been behind several breaches last year of the Internet security system known as Secure Sockets Layer (SSL). Computer users know the system as the padlock in the browser that shows that online shopping, banking and other communications are secure.

Without mentioning Iran, Mr. Clapper said the SSL breach “represents a threat to one of the most fundamental technologies used to secure online communications and sensitive transactions.”


Weaknesses in SSL certification exposed by Comodo security breach InfoWorld Tech Watch‎ Mar 24, 2011 - Comodo Group paints itself as a victim in the case of the hijacked SSL certificates, claiming to be duped by the government of Iraninto ...

NASA Denies Iranian Hacker's SSL Certificate Breach Claims May 29, 2012 - NASA Denies Iranian Hacker's SSL Certificate Breach Claims NASA has officially denied that the agency's systems were breached by the ...  Officials at NASA have officially denied that the agency's systems were breached by an Iranian hacker group identified as the "Cyber Warriors Team." The group had claimed to have compromised a digital SSL certificate issued to the Research and Education Support Services division of the space agency after having coded an HTTPS protocol scanner to find weaknesses in the website. hackers apparently exploited a common vulnerability that is avoidable with proper secure coding techniques, according to an ESA security official. “The group used SQL injection… The use of SQL injection is an admitted vulnerability. This needs to be addressed at a coding level,” the official told ZDNet UK.


Iranian Hackers Claim They Compromised NASA SSL Digital ...Kelly Jackson Higgins
May 21, 2012 - Iranian Hackers Claim They Compromised NASA SSLDigital Certificate ... certificate authority (CA) business in the wake of the massive breach ...

Online Banking Attacks Were Work of Iran, U.S. Officials Say ... NYTimes  Jan 09, 2013 · The skill required to execute the attacks convinced American officials thatIran was behind them, ... Bank Hacking Was the Work of Iranians, Officials Say

Iran denies hacking into American banks - NBC News.com  nbcnews  DUBAI — Iran denied its hackers attacked American banks, the semi-official Fars news agency reported on Sunday, following reports that... Sep. 23, 2012 hacking of websites and corporate networks at Bank of America, JPMorgan Chase & Co and Citigroup began in late 2011 and escalated this year, people familiar with the situation told Reuters. "We officially announce that we haven't had any attacks," Head of Iran's civil defence agency Gholam Reza Jalali told Fars,.. National security officials told NBC News earlier this week that the continuing cyber attacks last week that slowed the websites of JPMorgan Chase and Bank of America were being carried out by the government of Iran. One of those sources said the claim by hackers that the attacks were prompted by the online video mocking the Prophet Muhammad was just a cover story.


Attacks on 6 Banks Frustrate Customers By NICOLE PERLROTH September 30, 2012 Six major American banks were hit in a wave of computer attacks last week, by a group claiming Middle Eastern ties, that caused Internet blackouts and delays in online banking. http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html?_r=0


American intelligence officials blame Iran for a similar, subsequent attack on RasGas, the Qatari natural gas giant, two weeks after the Aramco attack. They also believe Iran engineered computer attacks that intermittently took America’s largest banks offline in September, and last week disrupted the online banking Web sites of Capital One and BB

August 30, 2012 RasGas attackRasGas, new cyber attack against an energy company - Security  A new strange attack has hit Qatar’s natural gas pumper RasGas, like happened to Saudi Aramco company a virus has infected machines of its network.

Natural gas giant RasGas targeted in cyber attack - SC Magazine Aug 31, 2012 · August 31, 2012 Natural gas giant RasGas targeted in cyber attack. Reports have surfaced that liquified natural gas (LNG) producer RasGas, based in the ...

Mystery virus attack blows Qatari gas giant RasGas offline • The A mystery virus has infected the network of Qatar's natural gas pumper RasGas, prompting bosses to pull the plug on the biz's internet connection. Office systems …

Cyber attack takes Qatar's RasGas offline - Politics & Economics ... Aug 30, 2012 · RasGas, the second largest producer of Qatari LNG after Qatar Petroleum, has been hit with an "unknown virus" which has taken the company offline. A RasGas ..

August 15, 2012

Cyberattack on Saudi Oil Firm Disquiets U.S. - NYTimes.com Oct 24, 2012 · It raised suspicions that the Aramco hacking was ... two weeks after theAramco attack. They also believe Iran engineered computer attacks that ...On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam’s holiest nights of the year — Lailat al Qadr, or the Night of Power — celebrating the revelation of the Koran to Muhammad. That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag. United States intelligence officials say the attack’s real perpetrator was Iran.. virus — called Shamoon after a word embedded in its code — was designed to do two things: replace the data on hard drives with an image of a burning American flag and report the addresses of infected computers — a bragging list of sorts — back to a computer inside the company’s network.


he same name, Wiper, had been given to an erasing component of Flame, a computer virus that attacked Iranian oil companies and came to light in May. Iranian oil ministry officials have claimed that the Wiper software code forced them to cut Internet connections to their oil ministry, oil rigs and the Kharg Island oil terminal, a conduit for 80 percent of Iran’s oil exports. Flame had been siphoning data from computers, mainly in Iran, for several years. Security researchers believe Flame and Stuxnet were written by different programmers, but commissioned by the same two nations.


If American officials are correct that Shamoon was designed by Iran, then clues in its code may have been intended to misdirect blame. Shamoon’s programmers inserted the word “Arabian Gulf” into its code. But Iranians refer to that body of water as the Persian Gulf

Iran suspected for the attack on the Saudi Aramco - Security AffairsHacking; Intelligence; Laws and ... The real reason behind the attack appears to be the dispute between Iran and Saudi Aramco Over Oil Embargo placed upon Iran by ...

Saudi Aramco, war of information on the cyber attack - Security ...Hacking; Intelligence; ... one of the world’s largest oil companies the Saudi Aramco was attacked by a ... last October U.S. declared that Iran was behind ...

Did Iran Hack The World's Biggest Oil Company? - Yahoo NewsOct 24, 2012 · From Yahoo News: Saudi Aramco, the world's most valuable company, was recently hit by a nasty computer virus and the U.S. says Iran is to blame for it.


Iran denies hacking into American banks - NBC News.com


Programmer Ibrahimshah Shahulhameed Fired For Attacking Toyota NetworkAugust 24, 2012 In Kentucky, Toyota sues an Indian contract programmer Ibrahimshah Shahulhameed, and FBI charged him with a crime after he sabotaged its computer systems at Toyota Motor Manufacturing after he was fired. The Indian contract programmer apparently attacked the system -- crashing it in the process -- and managed to download information that is "highly confidential".... accessed the U.S. parts supply website portal toyotasupplier.com, manipulating 3 web applications and altering security certificates that caused system failure. After doing so, the programmer downloaded documents including pricing specs, parts and quality testing data.


April 2012

Did Iran Hack a Captured U.S. Stealth Drone? - wired.comFour months after capturing a crashed U.S. stealth drone near the Iran-Afghanistan border, Tehran claims it has hacked into the ‘bot’s classified mission-control ...

Tibet Group Phished in Canada apparently by China
Daily Beast On February 23, 2012, an email was sent to the director of Tibet Group 1, an activist organization, addressed personally, and appeared to come from Mr. Cheng Li, a prominent China scholar based at the Brookings Institution. The email requested the assistance of Tibet Group 1 in verifying information on Tibetan self-immolations. The name and title provided in the email matched real details for Cheng Li provided on his Brookings Institute staff page. But the director noticed that the email was sent from a suspicious AOL account, and turned to University of Toronto’s CitizenLab in 2012. CitizenLab experts. It was soon discovered that the account appeared to have been registered by the attackers for this specific attack. Attached to this email was an Excel spreadsheet with malware. The Chinese security services were thought to be behind it because the operation was very sophisticated.


White Nationalist Websites Allegedly Being ...Jan 31, 2012 · A number of white nationalist websites in the United States are being targeted and attacked, allegedly by the shadowy hacktivist group called Anonymous


Year 2012

The largest hospital data breach, according toUS Department of Health and Human Services data, involved 780,000 records in a 2012 incident at the Utah Department of Health and

Patients sue UCLA over encrypted data breach December 22, 2011 | By Alicia Caramenico UCLA Health System faces a class-action lawsuit regarding a data breach that involved the electronic health records of 16,288 patients.Even though the hard drive, which was stolen during a home invasion of a former employee, was encrypted, a piece of paper with the password needed to access patient data was lost as well, as FierceHealthcare previously noted.Read more: Patients sue UCLA over encrypted data breach - FierceHealthcare http://www.fiercehealthcare.com/story/patients-sue-ucla-over-encrypted-data-breach/2011-12-22#ixzz2sbdEshtm

FierceHealthcare | November 7, 2011 A piece of paper with the password to personal information of 16,288 patients is missing after a home invasion of a former employee.Read more: data breach - FierceMobileHealthcare | Page 2 http://www.fiercemobilehealthcare.com/tags/data-breach?page=2#ixzz2sbeALJZh


Sutter Health faces second lawsuit over data breach of 4.2M patients FierceHealthcare | November 30, 2011


It's only been days since patients sued Sutter Health over its largest data breach, and the Californian health system faces a second class-action lawsuit. Like Karen Pardieck's complaint, the law: data breach - FierceMobileHealthcare | Page 2 http://www.fiercemobilehealthcare.com/tags/data-breach?page=2#ixzz2sbdXAabR

Sutter Health stolen computer risks 4.2M patients' data FierceHealthcare | November 17, 2011 The personal data of 4.24 million Sutter Health patients has been jeopardized after a desktop computer was stolen last month, reports the Sacramento Business Journal. Sutter Health immediately:

Internet worm compromises data of 176,000 at health system, university November 14, 2011 | By Karen Cheung-Larivee A Internet worm potentially exposed the personal information of 176,567 individuals, including that of VCU Health System and Virginia Commonwealth University employees and students, according to updated information VCU posted Saturday. An Internet worm infected two servers last month, allowing an intruder to access one server for nearly an hour and another server for 16 minutes the following day. The data breach was discovered on Oct. 24Read more: Internet worm compromises data of 176,000 at health system, university - FierceHealthcare

HHS report: Nearly 7.9M health records exposed FierceHealthcare | September 8, 2011 Since the required reporting began in 2009, there have been more than 30,000 data breaches, affecting nearly 7.9 million people who have had their health records exposed, according to a new report by


February 2011

Church website hacked by Anonymous during Westboro Baptist Church interview
Church suffers data breach during live radio interview | Oxford ...Church suffers data breach during live radio interview. Posted on February 25, 2011. A small but highly militant Kansas church which has gained national ..A small but highly militant Kansas church which has gained national notoriety for its virulent anti-gay rhetoric and provocative pickets of soldiers' funerals recently suffered a large-scale data breach on its home website during a live radio interview.A purported member of an online group of hackers calling itself Anonymous called into an interview on the David Pakman show with Shirley Phelps-Roper, one of the leaders of the Westboro Baptist Church, accusing her of provoking the ire of Anonymous by faking a letter from the group.Westboro's website was still down as of February 25, along with a statement from Anonymous posted on a Westboro-associated page saying that the site had been hacked in accordance with "rule #14 of the internet.


January 6, 2011 Aaron Swartz was arrested by MIT police on state breaking-and-entering charges, after systematically downloading academic journal articles from JSTOR. Federal prosecutors later charged him with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act, carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution and supervised release. Two years later on January 11, 2013, two days after the prosecution denied his lawyer's second offer of a plea bargain, Swartz was found dead in his Brooklyn, New York apartment, where he had hanged himself. On January 10, 2014 "the hacktivism entity Anonymous hacked and defaced MIT [website] letting the institution know Anonymous will not forget the tragic suicide of hacker Aaron Swartz."


March 25, 2010,

Albert Gonzalez sentenced to 20 years in federal prison for a series of credit card and ATM hacking sprees Albert Gonzalez (born 1981) is an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card andATM numbers from 2005 through 2007—the biggest such fraud in history. Gonzalez and his accomplices used SQL injection to deploy backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks. During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke. Gonzalez stayed at lavish hotels but his formal homes were modest.[1]


Gonzalez had three federal indictments:
May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
August 2009 in New Jersey in connection with the Heartland Payment case.

On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

Gonzalez along with his crew were featured on the 5th season episode of the CNBC series American Greed titled: Episode 40: Hackers: Operation Get Rich or Die Tryin’.[2]


Year 2010: Bradley Manning leaks massive documents to Wikileaks Chelsea Elizabeth Manning[4] (born Bradley Edward Manning is a United States Army soldier who was convicted in July 2013 of violations of the Espionage Act and other offenses, after releasing the largest set of classified documents ever leaked to the public. Manning was sentenced in August 2013 to 35 years confinement with the possibility of parole in eight years, and to be dishonorably discharged from the Army. Assigned in 2009 to an Army unit in Iraq as an intelligence analyst, Manning had access to classified databases. In early 2010 she leaked classified information to WikiLeaksThe material included videos of the July 12, 2007 Baghdad airstrike, and the 2009 Granai airstrike in Afghanistan; 250,000 U.S. diplomatic cables; and 500,000 Army reports that came to be known as the Iraq War logs and Afghan War logs. Much of the material was published by WikiLeaks or its media partners between April and November 2010.

Year 2009

July 2009: A network of hijacked computers mostly based in South Korea launched a series of coordinated cyber attacks against government, news media, and financial websites in South Korea and the United States. It used a botnet—a large number of hijacked computers, based mostly in South Korea— to overwhelm services with traffic in a DDoS attack. The timing and targeting of the attacks have led to headlines blaming North Korea (Pyongyang blamed as cyber attack hits S Korea". Financial Times.). Targets in the USA included the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department and the White House. In Korea, the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, newspaper Chosun Ilbo and Internet portal Naver.com were affected.


 2009 non-retail Heartland Payment Systemscompromise, affected 130 million credit cards

Security breach (wikipedia)

On January 20, 2009 Heartland announced that it had been "the victim of a security breach within its processing system in 2008".[3] The data stolen included the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards; with that data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.[4] Albert Gonzalez was indicted in August 2009 on charges of masterminding the attack.[5]

Year 2008

Aug. 5, 2008, Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar ...Bloomberg L.P.Dec 10, 2014 - BTC Pipeline Explosion in Turkey ... Hackers had shut down alarms, cut off communications and super-pressurized the crude oil in the line, ...The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of commission didn’t trigger a single distress signal....The Turkish government publicly blamed a malfunction, Kurdish separatists claimed credit and BP Plc had the line running again in three weeks. The explosion that lit up the night sky over Refahiye, a town known for its honey farms, seemed to be forgotten. It wasn’t. For western intelligence agencies, the blowout was a watershed event. Hackers had shut down alarms, cut off communications and super-pressurized the crude oil in the line, according to four people familiar with the incident who asked not to be identified because details of the investigation are confidential. The main weapon at valve station 30 on Aug. 5, 2008, was a keyboard. The revelation “rewrites the history of cyberwar,

 2nd largest health data breach was 475,000 records in a 2008 report from the Puerto Rico Department of Health
During the 2008 South Ossetia war a series of cyberattacks swamped and disabled websites of numerous South OssetianRussianGeorgian, and Azerbaijani organisations. August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia In 2008, Russia began a cyber attack on the Georgian government website, which was carried out along with Georgian military operations in South Ossetia.


On 5 August 2008, three days before Georgia launched its invasion of South Ossetia, the websites forOSInform News Agency and OSRadio were hacked. The OSinform website at osinform.ru kept its header and logo, but its content was replaced by a feed to the Alania TV website content. Alania TV, a Georgian government supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the websites. Dmitry Medoyev, at the time the South Ossetian envoy toMoscow, claimed that Georgia was attempting to cover up information on events which occurred in the lead up to the war.[2]
One such cyber attack caused the Parliament of Georgia and Georgian Ministry of Foreign Affairswebsites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler.[3]Other attacks involved denials of service to numerous Georgian and Azerbaijani websites,[4] such as when Russian hackers allegedly disabled the servers of the Azerbaijani Day.Az news agency.[5] The governments of EstoniaUkraine, and Poland offered technical assistance and mirrored web pages forGeorgian websites to use during the attacks.[6][7][8]

While Day.az claimed that Russian intelligence services conducted the denial-of-service attacks (DDoS) on Georgian informational and governmental websites through a proxy in this period,[5] the Russian government denied the allegations, stating that it was possible that individuals in Russia or elsewhere had taken it upon themselves to start the attacks

Year 2007 

April 26, 2007 Russian hackers allegedly attacked Estonia's infrastructure in 2007 Cyberattacks on Estonia refers to a series of cyber attacks that began 27 April 2007 and swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spamdistribution. Spamming of bigger news portals commentaries and defacements including that of theEstonian Reform Party website also occurred. Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before
As of January 2008, one ethnic-Russian Estonian national has been charged and convicted.Sergei Markov of the Russian State Duma has stated his unnamed aide was responsible in orchestrating the cyber attacks acting on his own. On 10 March 2009 Konstantin Goloskokov, a "commissar" of the Kremlin-backed youth group Nashi, has claimed responsibility for the attack.[9] Experts are critical of these varying claims of responsibility.[10]...experts believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company.[4]

2007 retail TJX Companiescompromise, affected 90 million people.[49] 


http://news.bbc.co.uk/2/hi/science/nature/57687.stmFebruary 18, 1998 Published at 03:48 GMT
Fired programmer accused of 'bombing' company's systems a man and a computer can cost a company millions A sacked programmer has been charged in one of the biggest computer sabotage cases in history. Timothy Lloyd was fired from his job as chief network programme designer by Omega Engineering in July 1996 after 11 years with the company. Omega Engineering makes instruments used by NASA and the US Navy among others. Three weeks later, it is alleged, he set off a software "bomb" which permanently deleted all of the company's design and production programs. He is also accused of taking home about $50,000 (£30,500) worth of computer equipment and software from the company. Philadelphia Assistant District Attorney V Grady O'Malley said he understood the company "came to a screeching halt" after the files were deleted, and "they had to start from scratch".

Year 1971

Burglars Who Took On F.B.I. Abandon Shadows - NYTimes.com  The New York Times by Mark Mazzetti Jan 7, 2014 - Burglars who broke into an F.B.I. field office in 1971 and stole files that ... The burglary was the idea of William C. Davidon, a professor of physics at ... that the contours of Cointelpro — shorthand for Counterintelligence ... It Was Time to Do More Than Protest": Activists Admit to 1971 FBI ...www.democracynow.org/.../it_...‎


Democracy Now!Jan 8, 2014 The burglars' identities remained a secret until this week when they finally ... details about FBI abuses and the then-secretcounter-intelligence program to ... by the nonprofit news organization Retro Report for The New York Times. ... A new book, The Burglary, reveals for the first time who d it and how ...
'Burglars' Revealed: Sixties Activists Who Stole FBI COINTELPRO ...


https://www.commondreams.org/.../07-0‎









Common Dreams NewsC...


Jan 7, 2014 - 'Burglars' Revealed: Sixties Activists Who Stole FBI COINTELPRO Files... (Photo: Mark Makela for The New York Times)In an exclusive with the New ... aprofessor of public and international affairs at the University of Georgia ...

To be added -

Snowden

Pentagon papers


Computer Software Attacks Ninjapundit Crime
100 12/3/2013