May: U.K. government caught snooping on citizen data
A U.K. government department was found snooping on citizen data, and many civil servants were reprimanded for looking at medical records, National Insurance numbers (the U.K. version of 'Social Security') and even criminal records, according to a series of Freedom of Information requests.
Ultimately, it was found that there were 150 'breaches' of data security over a 13-month period by staff at the U.K. Department for Work and Pensions and at the U.K. Department of Health, which runs the National Health Service (NHS).
While the secure and confidential data may not have ended up in the hands of criminals or anyone outside of the department, it was a gross invasion of citizen privacy nonetheless.
June: LinkedIn password breach affects 6.46 million users
A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users, though the stolen passwords were cryptographically hashed. However, many of those passwords weren't salted, meaning it was relatively easy to recover the simpler passwords in readable form.
LinkedIn confirmed the data breach shortly afterwards but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, and another $2-3 million in forensic work and security upgrades.
Password breach hits 1.5 million eHarmony users
Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong. Its systems stored each user's password in upper-case characters only, even when the user had chosen a mixed-case password, further weakening the system.
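The two storage weaknesses described above (unsalted hashes and upper-case-only storage), set beside salted, slow hashing; this is an added example, not code from the article or from either company. SHA-256 stands in for the hash algorithm, which the article does not name, and the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_digest(password: str) -> str:
    # Unsalted scheme: the same password always produces the same stored value.
    # SHA-256 is a stand-in; the article does not name the algorithm used.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def folded_digest(password: str) -> str:
    # Upper-case-only scheme: case is discarded before hashing.
    return unsalted_digest(password.upper())


def store(password: str) -> tuple[bytes, bytes]:
    # Hardened scheme: per-user random salt, slow KDF, case preserved.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def shared_records(users: dict, scheme) -> dict:
    # Group accounts by stored value. Any group larger than one means the
    # stored data alone reveals that those accounts share a password.
    groups: dict = {}
    for user, password in users.items():
        groups.setdefault(scheme(password), []).append(user)
    return {rec: sorted(names) for rec, names in groups.items() if len(names) > 1}


# Constructed sample accounts, not real data.
SAMPLE = {"alice": "Summer2012", "bob": "Summer2012",
          "carol": "SUMMER2012", "dave": "x9!Lq#72"}

if __name__ == "__main__":
    print("unsalted:", list(shared_records(SAMPLE, unsalted_digest).values()))
    print("folded:  ", list(shared_records(SAMPLE, folded_digest).values()))
    print("salted:  ", list(shared_records(SAMPLE, store).values()))
```

With the salted scheme no two records match, so one recovered password says nothing about any other account, and a differently cased guess fails verification.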