AOL EMAIL THEFT
In 2004, it was revealed that a software engineer at the then internet behemoth AOL had stolen 92 million email addresses while using another employee’s credentials, in a forlorn attempt to cover his tracks.
The email database, thought to impact at least 30 million AOL members, was then sold for £15,000 to a spammer, resulting in an estimated seven billion unsolicited emails that advertised an offshore gambling website flooding AOL inboxes. This makes it into our list not only because the impact on AOL users was huge, but the consequences of getting caught for stealing data were as well.
The rogue employee was ultimately prosecuted under the newly introduced CANSPAM legislation in the US and sentenced to 15 months in prison. He was also ordered to pay £46,500 to AOL in restitution. It was the first time that a truly large firm had suffered a data loss such as this, and that breach had been made public.
While there was little relevant legislation to protect data in the cyber realm 14 years ago, things have changed. Ryan Wilk, vice president at NuData Security, told PC Pro that organisations can help protect data by limiting both what is collected and how long it is kept. “While we never want to lose data that may one day be helpful, sensitive data should not be stored for no reason,” Ryan explained. “Security and data analytics teams should work together to understand what data is actually needed and what data can be deleted. If you only hold what you need, and only hold it for as long as you need it, you greatly limit your risk to exposure.”