
Lab – What was Taken?

Objectives
Search for and read about a few recent occurrences of security breaches.

Background / Scenario
Security breaches occur when individuals or applications are trying to gain unauthorized access to data,
applications, services, or devices. During these breaches, the attackers, whether they are insiders or not,
attempt to obtain information that they could use for financial gains or other advantages. In this lab, you will
explore a few security breaches to determine what was taken, what exploits were used, and what you can do
to protect yourself.

Required Resources
• PC or mobile device with Internet access

Security Breach Research


a. Use the two provided links to security breaches from different sectors to fill out the table below.
b. Search for a few additional interesting breaches and record the findings in the table below.

© Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 3 www.netacad.com

Incident Date | Affected Organization | How many victims? What was Taken? | What exploits were used? How do you protect yourself? | Reference Source

Incident Date: The incident was started on December 26, 2014
Affected Organization: The cybersecurity firm and the customers
How many victims? What was Taken? They managed to access 5,200 accounts. The breached accounts contain the customer's name, contact information, last four digits of saved payment card numbers, and purchase history.
What exploits were used? How do you protect yourself? They used point-of-sale malware in stealing information. Customer data collected from point-of-sale terminals, mobile applications, and websites should be encrypted next time as it is transferred to central processing systems. Customer data should be encrypted while at rest.
Reference Source: Securityweek

Incident Date: The incident was started in the year 2015
Affected Organization: The information security firm and the customers
How many victims? What was Taken? 950,000 people were victimized. They took all the customers' names, addresses and dates of birth, as well as their social security numbers, membership details and health information, but no financial details were stolen.
What exploits were used? How do you protect yourself? I think the attackers easily entered the system because when the reporter asked the company if all the accounts were encrypted, Centene did not respond. If I were in that situation, I would immediately report it to the police in case they use my personal data.
Reference Source: BBC

Incident Date: The incident started in December 2020
Affected Organization: The cybersecurity firm Qualys was the affected organization
How many victims? What was Taken? Financial information including purchase orders, invoices, tax documents, and scan reports.
What exploits were used? How do you protect yourself? The attackers targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server. The ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports.
Reference Source: https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/


Incident Date: The incident was started on September 8, 2018
Affected Organization: The information security firm and the customers
How many victims? What was Taken? 500 million customers were being accessed by the hackers. The data copied included guests' names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences. For some, the information also included payment card numbers and expiration dates, though these were apparently encrypted.
What exploits were used? How do you protect yourself? In their investigation, Marriott found data that the attackers had encrypted and attempted to remove from the Starwood systems. By November, they had managed to decrypt that data and discovered that it included information from up to 500 million guest records, though those undoubtedly include duplicate records or multiple records pertaining to individual guests. If I were in that situation, first, I would contact all my bank accounts and request to close them. With that, attackers will not steal all my money. I would also contact the airport where I bought my tickets and inform them that my personal data were opened by the attackers.
Reference Source: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Incident Date: The incident was started in October 2019
Affected Organization: The information security firm and the customers
How many victims? What was Taken? The victims were 15 million Canadians. Hackers compromised lab test results and national health card numbers, which revealed names, birthdates, addresses, login IDs, and passwords.
What exploits were used? How do you protect yourself? According to CPO Magazine, the language used in one of the lawsuits offers clues about how the breach occurred. "It alleges that the data in question was stored on unsecured servers and not encrypted. It also alleges that the network security personnel responsible for securing the data were not properly trained and that there was not enough staff."
Reference Source: https://www.cpomagazine.com/cyber-security/lifelabs-data-breach-the-largest-ever-in-canada-may-cost-the-company-over-1-billion-in-class-action-lawsuit/

Reflection
After reading about the security breaches, what can you do to prevent these types of breaches?
Data breaches occur when information security and data security are compromised,
resulting in sensitive information, personal information or other sensitive data being
exposed, copied, transmitted, viewed, stolen or used by people with unauthorized access. In
either case, the way to protect against these types of breaches is to have a security-minded
culture in the workplace as well as having a well-established and documented security
program. All of the technology and security devices in the world will not stop a breach if the
company doesn't follow its own rules.
