Since the dawn of time, people have misplaced things and information has been lost. Whether it be through the manipulation of ancient manuscripts or the improper configuring of computer scripts, all data has the potential to be compromised or lost completely. As hosting providers, protecting sensitive client data is part of your job description, so every known case of data loss offers an opportunity to learn and refine your technology and internal processes. What are some of the most notable instances over the years (or centuries)? Keep reading!
1. Robbing a Bank - Breach of JPMorgan Chase
Ah yes, we all remember the attack on JPMorgan last summer. When the names, emails, addresses and phone numbers of 76 million households and 7 million small businesses are stolen from the US's largest bank, it's kind of hard to keep quiet. In case you need a refresher, hackers initiated the breach by using stolen employee account credentials to access the bank's system. Despite spending a cool $250 million on computer security, JPMorgan had failed to upgrade one of its servers with a double authentication scheme. Had the bank's security team implemented this dual password security measure, the hackers would have been prompted to provide a second one-time password to gain entry to the system and millions of account holders could have been spared. Instead, an incident which could have been easily avoided led hackers to access at least 90 servers prior to being caught, thankfully before stealing customers' financial information.
2. A Not So Trusty Companion - Microsoft Loses Sidekick User Data
Our next data loss incident comes via two companies you've never heard of, Microsoft and T-Mobile. Back in 2009, 800,000 Sidekick users were kicked where it hurts when their phone's sensitive information including contacts, photos, and calendar events were lost due to server failure. Two years prior, Microsoft had acquired the T-Mobile smartphone's original producer ironically named, Danger, Inc. As part of this acquisition, Microsoft also took over the ownership of Danger's data center. Not long after, Sidekick users noticed prolonged service disruptions until eventually, Microsoft discovered that this data center had not been updated to run on Microsoft technology, which ultimately led to the system failure. Despite the companies' initial fears, the majority of user data was recovered. Still at the time, the disaster had wide-reaching implications towards the public opinion on cloud computing. If only they had had site-to-site data replication in place!
3. Data Loss Nightmare for DreamHost
In 2007, web hosting provider DreamHost faced public scrutiny when 700 websites and 3,500 FTP accounts hosted on their servers were compromised. One headache after another, the company first detected IOS bug on their core 2 router. After resolving the matter, DreamHost thought they were in the clear, but things took a turn for the worse when customers started complaining that their sites were down. The hosting provider discovered significant data loss in the nameserver database and again thought they had solved the issue by running scripts. After completing these scripts and finding many domain names still missing, DreamHost learned dns records were being deleted. For the sake of brevity, we'll skip the twisted, frustrating chain of events and aggravating realizations and skip to the part where the company documented their learning process and apologized to clients:
So what did they learn that could save you a world of trouble?
4. Jail Break - British Home Office Loses Data on All English and Wales Prisoners
Imagine the fallout of losing records of prison inmates. In 2008, the British Home Office experienced this firsthand when data on 84,000 English and Wales prisoners was lost. How? Not surprisingly, the flub was due to the security ignorance of one of the Office's own employees. Said employee downloaded all of the sensitive prisoner data from the British Home Office's servers onto get this...a thumb-drive, one of the easiest data storage devices to lose. Well, that's exactly what happened. That same employee didn't think twice about toting around "data from the Police National Computer, containing personal information about 33,000 individuals with six or more recordable convictions in the last 12 months (names, addresses and dates of birth); data relating to [approximately 10,000] prolific and other priority offenders (names and dates of birth, but not addresses); data relating to all [84,000] prisoners in England and Wales (names, dates of birth and, in some cases, expected prison release date and date of Home Detention Curfew); and Drug Interventions Programme data, with offenders' initials but not full names." But in the end, did end up misplacing the USB stick. The blunder just goes to show you that in order to prevent data loss, you have to marry modern and secure data infrastructure with enforcable data security policies.
5. No Setting Fires in the Library - Destruction of the Library of Alexandria
Let's rewind a few years back to a time when AD followed the year we referred to. The Library of Alexandria was the cultural monument of the ancient world, a treasured cornerstone of scholarly pursuits. That is, until it was burned and 500,000 scrolls containing advanced works of mathematics, astronomy, physics, natural sciences, poetry etc. all turned to ashes. While scholars debate who and what caused the destruction of the revered archive of knowledge, the historical event has come to be known as a "symbol of knowledge and culture destroyed." The library's scrolls and books were the only existing set, but had the great intellectual thought leaders thought to make redundant copies of their works, they could have evaded such a devastating case of data loss.
And while we're on this train of thought...
6. Archimedes Gets Censored and Sets Intellectual Thought Back Thousands of Years
OK, so this has nothing to do with web hosting or a hosting provider's job function, but we came across the following on Reddit the other day:
That monk was the ultimate hacktivist, huh? All of that mathematical data completely wiped away long before the advent of computers and modern technology as we know it. It just goes to show you that where there's a will, there's a way. Once someone has access to information, they have the ability to manipulate or compromise it. Make sure you build business grade procedures and security measures around your data storage systems, be it including dual password schemes, site-to-site data replication and recovery, continual critical analysis of processes, or restricted access for your high-level servers.
- Data Loss is Costing Companies $1.7 TRILLION Per Year
- Redditors Share their Worst Data Loss Stories of 2014
- The Benefits of Site-to-Site Data Replication for Customers and Web Hosts Alike