Those interested in how data breaches occur should be familiar with the general topography of the Internet. In our previous piece, we discussed the difference between the surface web, deep web and dark web. Most estimates about the topography of the Internet conclude that the deep web makes up between 95%-99% of all web sites. The dark web likely comprises less than 1%, while the surface web accounts for only a few percentage points itself. Nearly the entire Internet is the deep web.

Quest Diagnostics said Monday that 11.9 million Quest Diagnostics patients may have had their personal, financial, and medical exposed in a data breach that happened through a contractor of a contractor. Quest outsources its billing collections to Optum360, which in subsequently used American Medical Collection Agency (AMCA) for such services, and were both notified by AMCA of a security incident on May 14.

In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent hacking variety and vector combinations, with “vulnerability exploitation” making the top three.

Equifax has incurred losses of over $1.35bn so far following the devasting 2017 data breach involving the breach of 145 million customers personal financial data. In the attack, hackers exploited a known security vulnerability that Equifax had left unpatched and compromised the personal and financial details of more than half of all Americans and millions on UK consumers. The known Apache Struts 2 flaw which caused this breach was left unpatched for over 2 months after a patch was issued.

Canada's fourth largest mobile network operator, Freedom Mobile, announced this week that they have suffered a data breach through a third party service provider. vpnMentor disclosed on Tuesday that its researchers had identified an unprotected database containing information on Freedom Mobile customers, including email addresses, phone numbers, addresses, birth dates, IP addresses, credit scores, unencrypted payment card data with CVV codes, and account details.

Since GDPR came into effect, people tend to be a lot more aware of their personal data or rather, data breaches containing their personal data. Most data breaches that appear on the news tend to be what I call ‘big boy breaches’. These refer to massive breaches from the big companies consisting of millions and millions of data records.

When you hear about a data breach in the news, it’s usually related to a major company or social media network that has been targeted. The erroneous conclusion would be that the hackers only focus on exploiting security flaws in large organizations, but the opposite is true.

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps and vulnerabilities. But that doesn’t mean they have been exposed or attacked yet.

Higher education finds itself facing a threat to its financial security even larger than student retention – data breaches. As colleges and universities begin to adopt mobile technologies, they also find themselves increasingly targeted by malicious actors. Understanding the recent security breaches impacting the industry can educate institutions about information security.

With more colleges and universities incorporating Software-as-a-Service (SaaS) platforms to enable registrars, admissions, and financial aid offices, they are collecting more electronic student information. Couple that with weak networks and systems, and the state of cybersecurity in higher education earns an F. To remain solvent in an era of continued student recidivism, higher education needs to focus more efforts on protecting this information from cybercriminals.