The history of data breaches
While the methods and sophistication of attacks on computers may have changed, one thing that hasn’t changed is the reason behind the breaches: data. Attackers, past and present, have always treated data as the center of their attention.
1984 – The TRW data breach
One cannot overlook the 1984 data breach that exposed financial and personal information for about 90 million people. TRW (now known as Experian) was at that time hosting one of the most extensive databases of confidential records, covering approximately 90 million users and including their credit history.
TRW was responsible for providing information about users’ credit history and employment. It also provided loan and banking details and, most importantly, social security numbers. This information was sent over a telephone line to TRW’s many subscribers, which were mostly banks and department stores located in remote areas. Below is an example of some online news coverage about this incident:
Figure: Washington Post and NY Times coverage in 1984.
It is interesting to note that subscribers were able to log in to the TRW database to query the necessary information about users. These details were confidential and could only be accessed by bank employees or department store managers. Despite the fact that the data was only accessible for reading and could not be modified, it could still be misused.
The password and the manual for accessing the TRW database and operating the TRW system were leaked from a department store in one location. Once the adversaries had the login and access information, they posted it on bulletin boards. The attackers had not only the login information but also a complete profile of all those who were connected to the bulletin board.
Surprisingly, the incident was not discovered by TRW officials for several months (it’s unclear how long). An external party reported the breach to TRW. According to the investigation reports, the database was accessed via the store phone line. TRW did not know how many times it had already been accessed.
Experts at the time suggested that proper monitoring and detection could have flagged this type of activity (note that this is true even today). Investigators suggested that TRW could have prevented the attack by implementing a system that called back the telephone number used to request access. This could have been verified before the information was transmitted.
When comparing the 1984 attack scenario with today’s, the main point to remember is that the attack vectors, the methods and the mitigations that could have prevented this attack are all the same. First, the attacker used social engineering to gain login credentials. This is still a common technique today.
They had access to the manual, which provided them with complete and accurate information about the TRW system. This may have allowed them to remain undetected for a long time. They also targeted user data rather than seeking to damage or tarnish the company’s reputation. It’s the same story today: attackers gain silent access to a system by various methods, try to remain undetected for as long as possible, and then make use of the stolen information.
1990s – The beginning of computer viruses and other worms
At the beginning of the last decade of the 20th century, the world witnessed a new challenge.