Tom Espiner of ZDNet in the UK posted his top 5 security mishaps of 2007 last week. Not surprisingly, TJX topped his list and I'm sure it will be topping a lot of other year-end lists. His other top picks included the breach at Monster.com that exposed the application information of some 1.3 million job seekers, the Salesforce.com employee who fell for a phishing scam and exposed some of their customer data, a fine of 1 million pounds levied by the Financial Services Authority on U.K. building society Nationwide for the loss of a laptop, and, finally, a mini denial-of-service attack caused by the Department of Homeland Security when it sent its daily Open Source Intelligence Report on October 3rd.
The continued weaknesses in IT security at the Veterans Administration, the loss of over 800,000 job applications by Gap Inc., the numerous breaches at Pfizer, the ease of getting a user ID and password out of an IRS employee, and the whole issue of college data insecurities could all easily make this list or certainly fill out the Top 10.
What would make your list? Better yet, what steps would you suggest to prevent similar incidents in 2008?
I'd love to hear your thoughts.
Contributed by Mark Tordoff
