NCC's top ten security blunders of 2008

IT security consultantNCC Grouphas picked its top ten IT security blunders of 2008.

"2008 should go down as the year IT security forgot. Or, more accurately, the year everyone forgot about IT security. Countless well-known organisations have hit the headlines for thoughtlessly misplacing important data, and it's probably safe to say that public confidence in data protection is at an all-time low," said NCC.

The Top Ten

1. MoD up in arms over never-ending data loss gaffes, losing nearly 200 hi-tech gadgets this year alone, including: 72 hard drives, 62 laptops, 59 memory sticks and four desktop computers.
2. Presidential candidates become targets for hackers. It emerged in October that sophisticated hackers infiltrated the computer systems of Barack Obama and John McCain during the US presidential campaign.
3. In September, Republican vice-presidential candidate Sarah Palin fell victim to e-mail hacking when her Yahoo account was breached.
4. In August, a laptop sold on Ebay for a bargain £77 and was found to contain information on several million bank customers, originally held by archiving firm Graphic Data.
5. Search record hell for AOL. AOL released 20m search records from 650,000 users, collected between March and May this year. The ill-planned stunt in August was designed to benefit the academic community, but put the individual users at risk of ID fraud and worse.
6. Crime doesn't PA. PA Consulting, the Home Office's hapless IT contractor, was responsible for a high-profile data loss in August, when a memory stick containing the details of 127,000 criminals in England and Wales went missing.
7. All not quiet on the Best Western front. In August, an Indian hacker breached the Best Western Hotel Group's online booking system and gained access to a database containing details of 8m customers.
8. Birthday blunder for Facebook. Facebook inadvertently disclosed 80 million users' date of birth during a publicly accessible beta test version of the new site in July. The boob put users at risk of ID theft.
9. Clothes retailer careless with credit cards. 38,000 credit card details were stolen after Manchester-based clothing business Cotton Traders suffered a web application-level hack in January, despite being PCI DSS-compliant.
10. Data stick makes it as far as the pub. Bucking the trend for leaving valuable data on trains or in taxis, an employee of Atos Origin, a government subcontractor, may have had one too many post-work drinks when he left a memory stick holding passwords for a government computer system in the car park of a pub in Staffordshire. The system gave access to services including tax returns and child benefits.

NCC Group corporate site >>