Winvale Blog

Personal Email Breaches – The Keys to an Organization’s Most Sensitive Data

Written by Kevin Lancaster | Oct 26, 2015 4:12:44 PM

CIA Director John Brennan’s personal @AOL.com email account was hacked by a high school student, and his personal information was exposed on WikiLeaks on October 21, 2015. They published his Social Security numbers, passport numbers, credit card and addresses of his family and associates. In addition, they released emails and documents generated before Brennan’s time in the Obama administration, and while these did not contain classified government information, the release has triggered great concern within the intelligence community and the U.S. Government.

From CIA Director John Brennan to Hillary Clinton, using personal email accounts is nothing new; however, malicious actors are starting to better understand the value of obtaining credentials to these accounts. If you review the contents of your personal emails, you will probably find your Social Security number, taxes and financial data, health information and other sensitive data. Through “doxing” and other social engineering techniques, hackers can quickly assume your identity and exploit it for personal gain.

Most cyber criminals understand that it’s difficult to hack into a corporate network as organizations are spending a lot of money on the latest technology and the best cyber monitoring services available. The walls to their castles are high and seemingly well-fortified. However, it’s becoming more obvious that the key to those castles is held by individual employees. Today more than ever, organizations need to take steps to protect the personal identities of their employees to prevent their confidential data from being exposed.

Through our work monitoring the Dark Web, we’ve obtained the top 10 personal email domains whose accounts have been compromised. The top three alone cumulatively accounted for more than 160 million breaches. Do you see your email domain? I do.
 

Ranking   Email Domain      Breached Accounts
1         @hotmail.com      65,058,332
2         @gmail.com        56,265,318
3         @yahoo.com        45,319,018
4         @aol.com           9,544,069
5         @live.com          3,366,451
6         @msn.com           2,723,341
7         @comcast.net       1,946,547
8         @sbcglobal.net     1,150,183
9         @ymail.com         1,089,494
10        @verizon.net         727,648


The number of breached accounts will only continue to increase as cyber criminals break into more websites and steal personal and account information. Hackers don’t need to target only C-level management to make a major impact. While most news stories focus only on high-value targets like CEOs, many employees within an organization have access to proprietary information. To boot, simple searches through Google and LinkedIn have made finding these people even easier.

What type of information does your Human Resources department or administrative staff have access to? Do they know when their personal email account has been hacked? Do you? Since email is a high-usage form of communication in this day and age, having the right identity protection program is vital to any organization’s operations.

You need to be able to receive real-time alerts when an employee is hacked and to proactively mitigate those risks. Such a program will also help correct user behavior both on- and off-network, enforce corporate policy and help you better understand your organization’s potential vulnerabilities to third-party data breaches. Without identity protection for all employees, this costly blind spot can have devastating consequences.