Biggest Manufacturing Data Breaches of the 21st Century
Learn about some of the most important data breaches in the manufacturing industry in Data Protection 101, our series on the fundamentals of information security.
Data breaches hit a record high in 2017, especially in the manufacturing industry. There were 620 separate data breach incidents in manufacturing alone. To put this into perspective, there were a reported total of 1,579 breaches in all of the US for the same time period. Due to the highly-connected nature of manufacturing companies (e.g. robotics), vulnerability to hacks is more common than most other sectors.
There is much to learn from the high volume of reported breaches. Lack of knowledge is perhaps the greatest vulnerability. In order to better grasp the threats of a hostile internet and begin to guard against potential breaches, we’ve compiled a list of 10 important manufacturing data breaches. There is no particular order to the list; each case gives unique insight into the threats looming over the industry.
In early June 2015, LC Industries experienced a breach that resulted in the loss of over 3700 customer records. The data hacked included 22 New Hampshire residents, requiring the issuance of a public statement to the NH Department of Justice. Malicious code was discovered embedded in one of their retail sites. Upon further investigation, it was discovered that the code was used to gather personal information.
Even though the primary business of LC Industries is the manufacturing of over 2,000 tactical goods, including some for the U.S. Military, the company also owns consumer-based retail companies. One of these companies was the target of the hack. With increasingly stringent privacy laws, more breaches will require the notification of local authorities, federal authorities, and the public.
FACC is an aircraft manufacturer and supplier. Some of the company’s clients include AirBus and Boeing. In early 2016, hackers, posing as the FACC CEO, managed to steal approximately $54 million via an email exchange. Posing as an executive or high-ranking member of a company in order to steal sensitive information is known as a whaling attack. Whaling attacks are a form of social engineering designed to trick victims by use of authority and trust. This particular scam is known as the “Fake President Incident” and resulted in the termination of then CEO, Walter Stephan.
Well-known undergarment manufacturer HanesBrands was hacked around June/July of 2015. Over 900,000 customer records that included phone numbers were compromised. The hacker was able to access the data via a “guest” account from the Hanes website. Data collected was not incredibly sensitive and, according to a Hanes spokesperson, included details that could be found on things like a, “packing label or restaurant receipt.”
Foxconn is known for manufacturing components for Apple. The company is based in China, where working conditions have come under scrutiny. One group, Swagg Security, took credit on Twitter for hacking Foxconn and reportedly released sensitive data that included usernames and passwords for very large corporations in the technology space.
@BBCBreaking | Foxconn Hacked by Swagg Security http://t.co/dxstwQdq#HackingWithSwagger #SwaggSec #Foxconn— Swagg Security (@SwaggSec) February 8, 2012
Boeing is one of the largest airplane manufacturers in the world and has one of the most interesting data breaches on this list. In 2017, an employee asked their spouse to help with formatting on a document with the information of 36,000 Boeing workers. This meant that an email containing sensitive employee information was sent outside of the company’s network. After a thorough investigation, none of the information appeared to have leaked beyond the spouse.
DuPont is a large conglomerate of scientific research and product manufacturing. Its research is one of its largest assets and was compromised by an insider breach. A company employee accepted a job with a competitor and downloaded nearly 40,000 sensitive files to bring with him to his new employer in 2005. Dozens of the files were found on a laptop owned by his new employer after DuPont noticed the abnormally high database utilization.
Royal Dutch Shell
In 2010, oil and gas company Royal Dutch Shell, popularly known as “Shell,” had sensitive data on 176,000 employees stolen. The data included names and phone numbers for the company’s worldwide workforce. The data was emailed to “environmental and human rights campaign groups” by “disaffected staff” who were unhappy with some of Shell’s business practices.
The incredibly popular technology manufacturer Apple experienced one of its largest breaches of user account data in the company’s history in 2015. A malware, known as “Keyraider”, was discovered after it had already obtained sensitive information for 225,000 iPhone users in nearly 20 countries around the globe. Keyraider targets jailbroken iPhones, whose users reported abnormal app purchases and their phones held for ransom.
Data breaches in the manufacturing industry accounted for more than one-third of all reported data breaches in the U.S. in 2017. The manufacturing industry will likely remain a prominent target for cybercriminals, so manufacturing companies must take a proactive approach to security in 2018 and beyond.
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business