How data can be hacked

We can spend a lot of time—and hot air—looking for the specific vulnerability or the specific person who was responsible for but didn’t apply some specific patch or update that could have prevented it. That, unfortunately, is looking at the problem in a way that won’t result in a real solution. I’m not excusing vulnerabilities, and I don’t in any way want to discount the impact that data breaches have on businesses and individuals: it’s easy to see the effect on companies, and I’ve been the unhappy victim of identity theft in one of the well-publicized breaches myself.

It’s in the Numbers

Yahoo still tops the list, in terms of the number of people affected. Yahoo disclosed in 2016 and 2017 that that three billion accounts had been compromised in 2013 and 2014.  The impact on individual, let’s call them “end-victims” was huge, as their names, addresses, telephone numbers, birth dates and security questions were all exposed.  The impact on Yahoo itself is sobering: in the midst of an acquisition at the time, the financial hit was easy to see as an estimated $350 million was lopped-off their selling price. (Reference — https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html, October 11th, CSO Magazine)

While not the largest, the Equifax breach really hit hard, as, by their own account, Equifax aggregates information on over 820 million individual consumers and 91 million businesses around the world. ( https://www.equifax.com/about-equifax/company-profile October 24, 2017). And we trust(ed) them. They’ve got it all.  In fact, when my identity was breached in a low-tech phishing scheme in which someone in the accounting department of a former employer of mine handed thousands of employee W-2’s over to an imposter CEO, Equifax was one of the three credit reporting agencies I rushed to to lock-down my credit. To protect myself.

2017 has been a very big year for hacks and breaches.  Verizon and Equifax are probably the best-known (and perhaps the largest), but there have been countless others: Hipchat, Wonga, countless healthcare and other organizations hit by WannaCry. Even the dark web got hacked in 2017: when Freedom Hosting got hit, the breach took down one fifth of the dark web. (ZDNet, September 20, 2017 – https://www.zdnet.com/pictures/biggest-hacks-leaks-and-data-breaches-2017/2/).  Credit cards, social security numbers, private photos, intellectual property – it’s all vulnerable.

Breaches are going to happen.  We need to take a step back and do the right thing.  Store data securely so that when a hack happens, the data is protected.  A well-designed storage solution will take into consideration compliance needs and implement proper security protocols and best practices in the <architecture.

Security Regulations Offer Real Guidance – Not Just Red Tape

Compliance regulations have a foundation in reality, even if sometimes they can feel onerous. Some commonalities across different regulations describe basic, commonsense safeguards:

  • Role-based Access – Not everyone should have privileged access to sensitive information in an organization. Rose-based access that provides appropriate levels of access for users, administrators or others is a basic safety mechanism for controlling access to sensitive data.
  • Data Encryption – At rest (while stored) as well as while data is in transit — when uploading and downloading data.
  • Data Integrity – Ensure that protections are in place to prevent data from being tampered or altered (intentionally or unintentionally).
  • Network Security – Firewall rules and network segmentation to protect systems and services.
  • Auditing – Record all transactions and changes made to data and access privileges.

Secure Storage

We can help. Scality RING can be a strong ally in your plan to meet data availability, retention and security requirements. And, you can use its multi-geo options to distribute data across availability zones to ensure data access even when an entire data center—and even part of another—are lost.


Tyna Callahan

Tyna Callahan

Sr. Director of Communications

News & events

Scality empowers Nightshift to secure storage of valuable media

Now they can concentrate on creating award-winning content

In the News

The redesigned and improved MetalK8s 2.X

Current Openings

Find the latest career opportunities


Get a Live Demo

Request a demonstration



149 New Montgomery Street, Suite 607
San Francisco, CA, 94105
Email: sales.us@scality.com
Telephone: +1 (650) 356-8500
Fax: +1 (650) 356-8501
Toll Free: +1 (855) 722-5489


11 rue Tronchet
75008 Paris, France
Email: sales.eu@scality.com
Telephone: +33 1 78 09 82 70


43777 Central Station Drive, Suite 410
Ashburn, VA 20147, USA
Email: sales.us@scality.com
Toll Free: +1 (855) 722-5489


Otemachi Bldg. 4F, 1-6-1, Otemachi
Chiyoda-ku Tokyo, 100-0004 Japan
Email: sales.japan@scality.com
Telephone: +81-3-4405-5400


Quadrant House, Floor 6
4 Thomas More Square
London, United Kingdom, E1W 1YW
Email: sales.uk@scality.com
Telephone: +44 20 3004 8181


The most powerful data storage platform.

Protect, search and manage your data on any cloud.







Hardware Alliances

Delivering fully integrated solutions.

Learn More

Read about Scality data storage and management solutions.