AXEL.org

Business

Self-Driving Cars are Here. Are Businesses, Consumers, and Lawyers Ready?

The introduction of the automobile changed not only American transportation, but American culture as well. While automobiles had existed since the late 1800s, they were typically very expensive and unreliable. However, in 1908, Ford released the Model T, an automobile made for the middle class. Sold for a measly USD $850 (a less measly USD $23,000 in today’s dollars), the Model T rapidly gained popularity in the United States [1]. Ultimately, the introduction of affordable mass-market automobiles led to the car-centric transportation system the United States has today. For over a century, this system has persisted, with wide interstate highways and large parking lots dominating American cityscapes.

But even after a century of automobile innovation, relatively little has changed about the fundamentals of driving. At least one passenger must control the car at all times, and if they lose control, even for a split-second, there could be disastrous consequences. Now, in 2021, those fundamentals are beginning to change. With massive tech companies like Uber and Amazon investing heavily in this emerging technology [2], it’s fair to wonder: How soon will self-driving cars become the norm? And how will this eventual change affect tech, law, and culture?

History of Autonomous Vehicles

One of the first autonomous vehicles came just a few years after the popularization of the automobile. However, this car was far from a technological masterpiece, closer to a life-size RC car than an automotive revelation. In 1925, electrical engineer Francis Houdina paraded a driverless sedan with a massive antenna down the streets of New York City. He controlled the car via remote control in a trailing vehicle. Ironically, the car crashed into another automobile full of journalists during the parade [3]. Despite the embarrassing end to the initial showcase, radio-controlled cars became tourist attractions for the next decade. Spectators were amazed by driverless cars, and automobile companies noticed. In 1935, Chevrolet even advertised the benefits of self-driving cars in an automobile safety video [4]. Even when mass-market automobiles were just beginning to flourish, a future filled with autonomous vehicles was dreamt by consumers and automakers alike. However, while automobile companies continued research and development into self-driving cars, it amounted to little else but prototypes and tourist gimmicks.

Beginning in the early 2010s, these prototypes and gimmicks began to have legitimate functionality. Cars manufacturers began to include features that were previously limited to autonomous vehicle prototypes. For example, in 2013, Mercedes-Benz released a luxury car featuring automatic braking, adaptive cruise control and parking assistance [5]. While this tech was exclusive to high-end cars years ago, features like parking assistance and automatic braking are regularly included in more affordable cars today. However, the biggest step toward a future with self-driving cars was made by Tesla. The electric-vehicle company introduced its “autopilot” software in 2015, allowing drivers to take their hands off the wheel while driving [6]. While Tesla’s autopilot feature isn’t fully autonomous, it is one of the first auto manufacturers to produce a mass-market vehicle with significant autonomous capabilities.

Why Autonomous Could be the Future

First and foremost, auto manufacturers are embracing self-driving cars because of their safety. Put simply, humans are not better drivers than robots. Self-driving cars would be able to make split-second decisions quicker than humans. Additionally, an autonomous vehicle future could wipe out incapacitated driving, which makes up 10% of all car crashes [7]. Altogether, one study states that a future with fully autonomous vehicles could cut traffic accidents by at least 34% [7]. While 34% fewer crashes may not seem like a massive decrease, it could have life-saving effects. There were an estimated 36,120 car crash fatalities in 2019 in the United States [8]. If 34% of those crashes were averted by autonomous vehicles, it could save over 12,000 lives each year.

Finally, consumers are drawn to autonomous vehicles because of their convenience. Self-driving cars could put an end to the stresses and anxieties of driving. After all, driving has always required the driver’s complete attention; to the point where eating while driving is heavily discouraged, and texting while driving is illegal in most states. Driving requires full, undivided attention. And for heavy-traffic areas or long road trips, this can be inconvenient for drivers. A future where drivers can send emails, talk to passengers or even nap is incredibly appealing to most drivers. While fully autonomous vehicles are still a long way away, it’s clear why consumers are interested in self-driving cars as well.

Why Autonomous Cars Could Flounder

One of the biggest obstacles facing automakers isn’t one of technological capability, but legal culpability. Right now, in almost every car crash, one of the affected drivers is at fault. Most importantly, the at-fault driver is often on the hook for financial penalties. But if all vehicles are autonomous, and there’s a crash, who is responsible? Because we are nowhere near this level of automation yet, we simply don’t know what the law will be in the era of self-driving cars. Could auto corporations be found at fault? If they are, why would companies continue to make autonomous vehicles if each one could mire the company in a lawsuit? Simply put, there are massive legal questions regarding autonomous vehicles that we don’t know the answer to, and won’t know until self-driving cars are much more integrated into society.

Finally, concern among consumers regarding privacy could cause the future of self-driving cars to sputter. Autonomous vehicles could become yet another device that collects and sells your personal data to advertisers. Even worse, these self-driving cars would have access to loads of unique data points, including travel histories and voice recordings. And because self-driving cars require software updates for new roads, even cars could become subject to ransomware attacks and other cybercrime. While autonomous vehicles can offer unparalleled convenience for their users, they can also force new, invasive forms of surveillance.

Stay Safe with AXEL Go

While AXEL Go can’t protect your autonomous car from ransomware (yet), it can protect your most important files from cybercrime. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from data breaches and cybercrime. With AXEL Go, there’s no compromise between security and privacy rights. After all, our business is protecting your data, not collecting it. If you’re ready to try the most secure file-sharing and storage software, get two free weeks of AXEL Go here

[1] History.com Editors. “Model T.” History.com. A&E Television Networks, April 26, 2010. https://www.history.com/topics/inventions/model-t

[2] Palmer, Annie. “Amazon Zoox Unveils Self-Driving Robotaxi.” CNBC. CNBC, December 14, 2020. https://www.cnbc.com/2020/12/14/amazons-self-driving-company-zoox-unveils-autonomous-robotaxi.html

[3] Engelking, Carl. “The ‘Driverless’ Car Era Began More than 90 Years Ago.” Discover Magazine. Discover Magazine, May 17, 2019. https://www.discovermagazine.com/technology/the-driverless-car-era-began-more-than-90-years-ago

[4] Chevrolet Presents: The Safest Place. YouTube. YouTube, 2013. https://www.youtube.com/watch?v=cilh7br-P80

[5] Ingraham, Nathan. “Mercedes-Benz Shows off Self-Driving Car Technology in Its New $100,000 S-Class.” The Verge. The Verge, May 18, 2013. https://www.theverge.com/2013/5/18/4341656/mercedes-benz-shows-off-self-driving-car-technology

[6] Golson, Jordan. “Volvo Autonomous Car Engineer Calls Tesla’s Autopilot a ‘Wannabe’.” The Verge. The Verge, April 27, 2016. https://www.theverge.com/2016/4/27/11518826/volvo-tesla-autopilot-autonomous-self-driving-car

[7] Baldwin, Roberto. “IIHS Study: Autonomous Cars Won’t Avoid Majority of Vehicle Crashes.” Car and Driver. Car and Driver, November 10, 2020. https://www.caranddriver.com/news/a32783046/iihs-autonomous-cars-not-as-safe-study/

[8] Media, NHTSA. “Early Estimates of 2019 Motor Vehicle Traffic Data Show Reduced Fatalities for Third Consecutive Year.” NHTSA. NHTSA, May 5, 2020. https://www.nhtsa.gov/press-releases/early-estimates-2019-motor-vehicle-traffic-data-show-reduced-fatalities-third

Cybersecurity Strategies for Small Businesses and Firms

When it comes to ransomware and data breaches, we mostly hear about the attacks on massive corporations. After all, these cyber-assaults can affect millions, so it only makes sense that attacks on big businesses are the ones we hear about. However, this creates a false assumption that only big businesses are affected by cybercrime. Unfortunately, this couldn’t be further from the truth. In fact, small businesses and firms are often targeted by cybercriminals due to their valuable data and relative lack of cybersecurity protocols [1]. Many smaller companies still have not taken the threat of cybercrime seriously. In fact, 51% of small businesses have not dedicated any resources to cybersecurity [2]. In 2021, a year full of cybercrime and ransomware attacks, that’s a recipe for disaster.

Ransomware and data breaches can affect anyone from first-year law students to senior executives. Of course, large companies have sizable cybersecurity operations, so if cybercriminals strike, they’re prepared. For small businesses and firms, however, it’s up to individuals to protect themselves and their clients. Thankfully, there are easy, inexpensive ways for smaller companies to keep themselves safe from cybercrime.

Secure Passwords

Many of us are guilty of using the same password for multiple accounts. It’s perfectly logical to reuse passwords sometimes when we have hundreds of online accounts for various businesses, social media sites and software. However, using just one password for all your accounts can be disastrous, especially if your work passwords are reused. Think about it: If your Facebook password is leaked, and you have the same password for every account, in effect, all your accounts are leaked. While you don’t need unique, thirty-character-long passwords for every account, ensuring that your passwords are varied and strong keeps your most important data safe. Having one of your passwords leaked is bad, but manageable; having all of your passwords leaked is catastrophic.

Cyber Insurance

Cybercrime can still occur even when precautions have been taken. That’s why it may be smart to invest in a relatively new insurance offering, cyber insurance. Many large corporations utilize cyber insurance to minimize the financial risk of a data breach. In fact, after Target’s 2013 data breach, cyber insurance covered USD $90 million of the total damages [3]. For smaller businesses and law firms, one cyberattack could be financially devastating enough to shutter doors permanently. It is a significant investment, but cyber insurance could pay off in the long term.

Ethical Hackers

One of the quickest, easiest ways to determine if your small firm has a security hole is to hire a white hat, or ethical, hacker. The job of a white hat hacker is to breach a company’s computer system, but with permission. Once the hacker gains access to the system, they can snoop around, looking for vulnerabilities. If a vulnerability is found, they simply tell the company and potentially fix it. While the idea of letting a stranger into your computer systems may sound frightening, this process is one of the best ways to prepare for cybercrime. After all, if you find and patch the vulnerabilities, there isn’t much a cybercriminal can do to your business.

Of course, ethical hackers don’t come cheap, and the more experienced an ethical hacker is, the higher the cost. Big corporations have paid from USD $1,000 to USD $15,000 for white hat hackers to breach their computer systems and look for security vulnerabilities [4]. While hiring or contracting an ethical hacker can be a large investment, there’s no better way to determine if your firm is prepared for a cybercriminal attack.

Culture of Security

In addition to paid solutions, a free technique to protect you and your firm’s cybersecurity is to encourage a culture of security. This means updating your software often, using encryption, and being knowledgeable about modern technology and its risks. First, updating your software is one of the easiest ways to minimize the risk of cybercrime. In fact, the infamous Equifax data breach of 2017 occurred because Equifax simply forgot to update its security software when a vulnerability was detected [5]. Keeping software up-to-date is one of the simplest ways to keep yourself and your firm protected. Next, using encryption is an inexpensive, useful tool to keep your documents safe from data breaches. If your documents are unencrypted, cybercriminals have easy access to your most vital files. Encryption provides an extra layer of security that keeps your documents safe from data breaches and leaks.

Finally, cybersecurity education is the largest part of a culture of security. When everyone is aware of cybersecurity risks like phishing scams and the danger of public Wi-Fi, the risk of cybercrime is minimized. Simply informing your friends and coworkers about modern cybersecurity risks helps cultivate a culture of security that helps you (and your clients) stay safe from cybercrime. Simply put, staying informed on cybersecurity is a long-term, effective solution to minimize the risk of ransomware attacks and data breaches.

Backup Your Data

Whether you’re a thirty-year veteran at a firm or just starting your first job in the workforce, backing up your data offline could be the most important strategy on this list. Security vulnerabilities and cybercriminals pose a threat to cloud-based files. If you get locked out of this online data by cybercriminals, you’ll be forced to either pay a hefty ransom or lose all of your online files. The solution? Simply backup your documents offline. And don’t do it just once! At least monthly, copy your files to an offline hard drive. Backing up your documents offline ensures that you, or your firm, are able to continue working even if a cyberattack hits.

Try AXEL Go

If you’re ready to start creating your culture of security, try AXEL Go. AXEL Go is a cloud file-sharing software with an unwavering focus on privacy. AXEL Go lets employees and students share, store, and collect documents securely, all in a simple, easy-to-understand user interface. Offering military-grade encryption, blockchain technology, and decentralized servers, AXEL Go offers the perfect pairing of simplicity and stringent security. To try AXEL Go free for two weeks, click here.

[1] Shankar, AJ. “Council Post: Ransomware Attackers Take Aim at Law Firms.” Forbes. Forbes Magazine, March 11, 2021. https://www.forbes.com/sites/forbestechcouncil/2021/03/12/ransomware-attackers-take-aim-at-aw-firms/

[2] Knutson, Ted. “Small Businesses Bearing Brunt of Ransomware Attacks, Senate Told.” Forbes. Forbes Magazine, July 28, 2021. https://www.forbes.com/sites/tedknutson/2021/07/27/small-businesses-bearing-brunt-of-ransomware-attacks-senate-told/?sh=705864499556

[3] Newman, Craig. “Target’s Cyber Insurance: A $100 Million Policy vs. $300 Million (so Far) in Costs.” Patterson Belknap Webb & Tyler LLP, January 16, 2019. https://www.pbwt.com/data-security-law-blog/targets-cyber-insurance-a-100-million-policy-vs-300-million-so-far-in-costs/

[4] Fazzini, Kate. “Some Freelance Hackers Can Get Paid $500,000 a Year to Test Defenses of Companies like Tesla.” CNBC. CNBC, December 13, 2018. https://www.cnbc.com/2018/12/12/freelance-hackers-get-paid-to-test-the-defenses-of-firms-like-tesla.html

[5] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. CNET, September 7, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/

Is Virtual Reality the Future? Facebook Thinks So.

Facebook is now Meta. Well, kind of. Last month, Facebook changed its parent company’s name to Meta, a nod to the company’s growing focus on the “metaverse.” Now, this doesn’t mean you’ll be liking vacation photos on meta.com any time soon. The company that owns Facebook is now Meta, not the social network itself. But why did Facebook change its name? First and foremost, it signals a shift away from social media, toward a more unique (and less controversial) form of technology: Virtual reality. 

Although virtual reality has existed in some form for decades, the technology is now becoming advanced enough to offer legitimately useful features to consumers and businesses. For example, Meta showed off its VR prototype during its name-change announcement video. The company showed off a virtual meeting room filled with cartoon avatars. The goal, Meta states, is to create a virtual meeting place that is nearly indistinguishable from a real meeting place. With more people working from home than ever before, this appears to be a useful goal. After all, Zoom meetings simply don’t have the same amount of interactivity and socialization as in-person meetings. VR could very well become the future of work. However, the widespread adoption of VR technology is still a long way away.

The History of Virtual Reality

The origin, and even the definition, of virtual reality is disputed [1]. After all, modern VR headsets are what the public thinks of when “virtual reality” is mentioned, but technology that advanced simply didn’t exist just a few decades ago. However, virtual reality experiences have still existed for decades. One of the first items that could be considered a virtual reality product is the View-Master, a goggles-like device that showed stereoscopic photographs. When utilized correctly, the user’s entire field of vision was dominated by the three-dimensional image. Although primitive, the View-Master may have been the first virtual reality device to appeal to the general consumer. This product ultimately highlighted just how immersive future virtual reality technology could be.

Beginning in the 1960s, researchers began to realize the potential of this futuristic technology. Specifically, they began to utilize virtual reality for military and flight simulations [2]. This allowed soldiers and pilots to train under realistic circumstances. Throughout the 1970s and 1980s, virtual reality was mostly used as a training tool for professionals, as the technology was far too expensive for mass-market appeal. 

However, beginning in the 1990s, VR technology became advanced (and inexpensive) enough for companies to begin crafting virtual reality experiences for the general consumer. Ever since then, virtual reality has become intertwined with the gaming industry. In the early 1990s, video game giants Nintendo and Sega began creating virtual reality consoles, with marketing that promised to transport players to an immersive, realistic world [3]. The hype of virtual reality was at an all-time high. However, this optimism soon began to dwindle. In 1995, Nintendo released the Virtual Boy, a virtual reality video game console [2]. However, soon after its release, consumers were quick to point out the major drawbacks of virtual reality. The console itself was uncomfortable and dizzying, and only showed games in black and red [4]. For most consumers, this virtual reality product simply wasn’t realistic enough, and the console flopped.

Modern Uses of Virtual Reality

After the commercial failure of the Virtual Boy and other early VR headsets, the technology was mostly relegated to professional use. However, with the recent rise of newer, more realistic and more comfortable VR headsets, it may finally be time for virtual reality to enter the mainstream. 

While the VR market has undeniably grown, consumers still mostly see virtual reality as a cool gimmick, rather than a necessity. Today, most of VR’s use is for gaming, and while the industry has found a niche group of enthusiasts, just 34 million total headsets have been sold in the last five years [5]. Additionally, while the cost of virtual reality technology has dropped, headsets still aren’t affordable for all. For example, Oculus, a VR headset company owned by Meta, prices its cheapest headset at $299. While the technology has evolved and prices have dropped, committing to virtual reality is simply too much of a financial commitment for many.

The Future of VR

With Meta turning its focus to virtual reality, VR is certainly here to stay. But how will VR be utilized in the future? Will it become a business necessity, like Meta seems to think? Or could it continue to grow as a gaming product? Finally, can VR finally overcome its gimmick label? Simply put, there are a lot of questions about the future of virtual reality that we simply don’t know. However, a major company like Meta shifting its focus to virtual reality presents an opportunity to the industry that it has never had before. Meta’s massive, public commitment to virtual reality could usher in the widespread adoption of this emerging technology.

However, public acceptance of VR isn’t the only potential downfall to the industry. A common concern regarding virtual reality is the technology’s privacy and security. Modern VR headsets are filled with sensors, cameras, and microphones. Of course, headsets need this technology to function, but the data collected through this technology needs to be guarded securely. Put simply, virtual reality collects unique user information. With this information, advertisers can learn even more about you to sell their products. Even worse, there are no regulations for data collected through VR, further putting user privacy in the backseat [6]. So while virtual reality may offer new opportunities to connect and play, it also gives advertisers a new way to collect even more information on users.

Keep Your Data Safe with AXEL Go

Using a secure file storage system is the key to protecting your data from breaches and ransomware attacks. That’s where AXEL Go comes in. Offering military-grade encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself and your business from unauthorized cybercriminals. With privacy concerns not going away anytime soon, secure file-sharing is a necessity for businesses and individuals. If you’re ready to try the best protection, try two free weeks of AXEL Go here.

[1] Schnipper, Matthew. “The Rise and Fall and Rise of Virtual Reality.” The Verge. https://www.theverge.com/a/virtual-reality/intro.

[2] “History of Virtual Reality.” Virtual Reality Society, January 2, 2020. https://www.vrs.org.uk/virtual-reality/history.html.

[3] Karpf, David. “Virtual Reality Is the Rich White Kid of Technology.” Wired. Conde Nast, July 27, 2021. https://www.wired.com/story/virtual-reality-rich-white-kid-of-technology/.

[4] Greenbaum, Aaron. “Here’s Why the Virtual Boy Was a Complete Failure.” Looper.com. Looper, August 4, 2020. https://www.looper.com/233207/heres-why-the-virtual-boy-was-a-complete-failure/.

[5] Alsop, Thomas. “VR Headset Unit Sales Worldwide 2024.” Statista, July 19, 2021. https://www.statista.com/statistics/677096/vr-headsets-worldwide/.

[6] Maslin, Jared. “Concerns with Privacy in Virtual Reality.” Data Science W231 Behind the Data Humans and Values, March 2, 2021. https://blogs.ischool.berkeley.edu/w231/2021/03/02/concerns-with-privacy-in-virtual-reality/.

Devastating Data Breaches – Part 5: Facebook Dismisses Data Security

In the history of the Internet, no tech company may be more controversial than Facebook. Started in 2004 and initially limited to Harvard University students, Facebook quickly hit the mainstream as the premier social networking site. In just a few years, it overtook older sites like MySpace and Friendster, making it the go-to social network for hundreds of millions of people. However, this massive growth has not been without controversy.

Facebook has long been criticized for its record on privacy and security. From collecting mountains of information on individuals to its involvement in state-sponsored surveillance, Facebook’s record on privacy is shaky [1]. But even though billions are skeptical of Facebook and its security practices, it’s still the most popular social network in the world. Combined with its ownership of popular messaging app WhatsApp and photo-sharing app Instagram, Facebook has become one of the Silicon Valley giants where their main product isn’t a product or software, but users themselves. Because of this, it is in Facebook’s best interest to collect as much information as possible from its users. While this strategy certainly lines Facebook’s pockets with oodles of advertiser cash, it forces user privacy to take a backseat and puts user security at risk. Unfortunately, in 2019, this security risk became realized for hundreds of millions of people.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Check out our previous posts about Yahoo, Marriott, Equifax, and Target to learn about what went wrong, what could’ve been done, and how each company responded to devastating data breaches.

Before The Breach

In 2019, Facebook was already facing the aftermath of another massive privacy mishap, the Cambridge Analytica scandal. With Facebook’s knowledge, Cambridge Analytica, a political data analytics firm, harvested data from 87 million Facebook accounts. It then sold this information to multiple United States presidential campaigns in order to inundate potential supporters with political advertisements [2]

Following the revelations of this data thievery, Facebook CEO Mark Zuckerburg even testified in front of Congress, along with taking out full-page advertisements in major newspapers, vowing to “ensure this doesn’t happen again [2].” Following an investigation, the Federal Trade Commission fined Facebook USD $5 billion, the largest fine ever levied by the United States government [3].

Put simply, Facebook was not seen in a positive light by many people. Its track record regarding data privacy had always been shaky, but this new scandal not only drew the ire of government officials, but the general public as well. After this scandal, all eyes were on Facebook to see if it would actually make changes to protect user privacy. Unfortunately, Facebook did not keep its promises for long. 

The Leak

In 2019, through a vulnerability in Facebook’s code, the personal data of 533 million Facebook users was stolen [4]. Concerningly, the perpetrators of this attack did not acquire the data through hacking or phishing, but simply by finding a vulnerability that allowed users to record millions of phone numbers from Facebook’s servers. In August 2019, Facebook patched this vulnerability, but was unaware of the stolen data. However, in April 2021, phone numbers of the 533 million users were posted to a hacking forum. This data mainly consisted of names and phone numbers, but some email addresses and birth dates were compromised as well [4]. Even worse, the data was posted for free on a public forum, meaning that any scammer or spammer with basic computer knowledge could access this stolen data [4].

While no financial or government data, such as credit card numbers or Social Security numbers, were posted, the release of phone numbers and corresponding names was a goldmine for scammers. Primarily, these cybercriminals could use this information to send phishing scams to unsuspecting users. While the attack could have been much worse, the leak of over half a billion phone numbers directly after Facebook’s previous data scandal was not received well by the general public.

Facebook did little to satiate the outrage following the leak. After the leak was publicly revealed, Facebook stressed that the leaked data was outdated (albeit, by only two years) and that the security flaw had already been patched. Additionally, Facebook refused to notify the affected users, stating that there was nothing that users could do to mitigate the consequences [5]

The Aftermath

While a leak that puts 533 million phone numbers at risk may sound like a big deal, for Facebook, it’s just a drop in the bucket of criticism the company has received regarding user privacy. After all, the Cambridge Analytica scandal forced Zuckerberg to testify before Congress. For Facebook, this is a run-of-the-mill data breach. In fact, in a leaked email detailing the company’s response to the breach, a Facebook employee stated “We expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly [6].”

Unfortunately, it appears Facebook is not planning on making substantive changes regarding user privacy. This isn’t particularly surprising, as Facebook has become a giant because of its willingness to collect user information. However, just because Facebook is slow to change doesn’t mean you have to be a victim. You can protect your data by following simple cybersecurity tips, like not clicking unfamiliar links and double-checking email addresses. If Facebook isn’t going to protect your privacy, it’s up to you to do it yourself.

Protect Your Data with AXEL Go

Another way to protect your privacy is to use a secure file-sharing software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Featuring a myriad of unique privacy features, AXEL Go is the best way to keep your data safe. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.

[2] Meredith, Sam. “Facebook-Cambridge Analytica: A Timeline of the Data Hijacking Scandal.” CNBC. April 10, 2018. https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html.

[3] Nuñez, Michael. “FTC Slaps Facebook With $5 Billion Fine, Forces New Privacy Controls.” Forbes. July 24, 2019. https://www.forbes.com/sites/mnunez/2019/07/24/ftcs-unprecedented-slap-fines-facebook-5-billion-forces-new-privacy-controls/.

[4] Holmes, Aaron. “533 Million Facebook Users’ Phone Numbers and Personal Data Have Been Leaked Online.” Business Insider. April 03, 2021. https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4.

[5] Farmer, Ryan. “Facebook’s April 2021 Data Breach Explained.” StrongVPN Blog. April 30, 2021. https://blog.strongvpn.com/facebook-data-breach-april-2021/.


[6] “Facebook Downplays Data Breach in Internal Email.” BBC News. April 20, 2021. https://www.bbc.com/news/technology-56815478.

Devastating Data Breaches – Part 4: How Target Changed Credit Cards

In 2013, data breaches were common, but didn’t particularly weigh heavily in the public consciousness. While major data breaches had certainly occurred by that point, these breaches tended to affect less personal businesses. After all, Americans weren’t going into Yahoo or Equifax every week for grocery shopping. Data breaches tended to affect corporations that most people only interacted with online. Therefore, when a data breach occurred, it didn’t feel as personal. Combined with the equally impersonal picture of shadowy hackers stealing data from continents away, data breaches weren’t seen as a massive issue to the general population, but as an online nuisance.

Unfortunately, that mindset soon changed. In late 2013, in the middle of the holiday shopping season, Target fell victim to a data breach, with over 70 million people’s financial information becoming compromised [1]. While 70 million may sound paltry compared to Yahoo’s 3 billion leaked accounts, the damage to those 70 million victims was much more severe. Ultimately, this hack put data breaches on the mind of everyday citizens. After all, these hackers didn’t target a shadowy Internet business that only a few hundred people have physically been to. This hack targeted a popular chain of stores where millions of people shop every week.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches.

The Breach

In September 2013, the cybercriminals responsible for the attack began their strike on the popular retail chain. However, the hackers’ plans did not involve attacking Target directly, at least not yet. The cybercriminals targeted Fazio Mechanical Services, a contractor that provided Target with heating and air conditioning [2]. From Fazio and its approved credentials, the hackers then accessed Target’s network and quickly found access to Target’s point-of-sale (POS) systems. From there, the attackers installed malware that recorded credit card data. Finally, the hackers encrypted the credit card data and exfiltrated it right under Target’s nose.

Target became aware of a potential breach on November 30, when a Target security operations center in India recorded potentially malicious activity [1]. That activity was shared with the Target corporate office in Minneapolis, but no action was taken. Again, on December 2, malicious activity was found and reported, but no action was taken by the corporate office. Finally, on December 12, the US Department of Justice contacted Target about a potential data breach, and an investigation began [1]. One week later, Target publicly revealed the data breach.

All in all, over 70 million customer records and 40 million payment card credentials were stolen in the hack [3]. This information was put up for sale on the dark web, where any variety of cybercriminals could pay for the stolen financial data. The data breach not only included debit and credit card numbers, but PIN numbers as well, putting affected customers at a large financial risk. Overall, while 70 million victims may pale in comparison to other data breaches, the breach’s effect on those victims was enormous. 

The Fallout

In the years following the data breach, Target paid over USD $200 million in costs related to the hack [4]. Target could have paid much more, but the company had a cybersecurity insurance policy that covered about USD $90 million of the total cost [1]. Additionally, Target agreed to a settlement of USD $18.5 million to 47 state governments for further compensation to victims [4]. As part of the settlement, Target agreed to tighten its security measures, along with promising to separate its cardholder data from the rest of its computer network. Additionally, Target’s CEO, Gregg Steinhafel, resigned in May 2014, in the aftermath of the attack [4]. Although the breach certainly did not put Target out of business, it had a profound effect on the company’s financial security, along with consumer trust in the company.

To this day, just one person has been charged in connection to the attack. In 2018, a Latvian computer programmer named Ruslan Bondars was sentenced to 14 years in prison for creating a program that helped cybercriminals, including the perpetrators behind the Target attack, improve malware [5]. However, Bondars was not immediately connected to the attack. Cybersecurity experts hypothesize that Andrey Hodirevsky, a Ukrainian programmer who specializes in selling stolen financial information, was the mastermind behind the attack [5]. However, Hodirevsky has never been charged with the crime.

Finally, the Target data breach affected not only the victims, but spearheaded a massive change in credit card usage as well. Following the breach, Target was one of the first companies to offer credit cards with embedded microchips, which provides better security than the traditional magnetic swipe [3]. So while the Target attack affected millions of victims, it also helped encourage the necessary transition from magnetic swipes to chip cards.

Overall, the Target data breach highlights the importance of communications, especially when it comes to cybersecurity incidents. Had Target taken action earlier, the effects of the data breach could have been mitigated or even eliminated. Unfortunately, in the time it took for Target to realize something was wrong, the damage had already been done. Thankfully, Target quickly identified and eliminated the malware, and also ushered in the era of microchipped cards. 

Keep Your Data Secure with AXEL Go

AXEL Go is a secure file-sharing and storage software that puts you back in control of your data. From military-grade encryption to blockchain technology, AXEL offers the most stringent security for your most important files. If you’re ready to take back control of your data, try two weeks of AXEL Go for free here. To read more about AXEL Go, click here.

[1] Plachkinova, Miloslava, and Chris Maurer. “Teaching Case Security Breach at Target.” Journal of Information Systems Education 29, no. 1 (March 21, 2018). https://jise.org/Volume29/n1/JISEv29n1p11.pdf.

[2] Shu, Xiaokui, Ke Tian, Andrew Ciambrone, and Danfeng Yao. “Breaking the Target: An Analysis of Target Data Breach and Lessons Learned.” January 18, 2017. https://arxiv.org/pdf/1701.04940.pdf.

[3] Myers, Lysa. “Target Targeted: Five Years on from a Breach That Shook the Cybersecurity Industry.” WeLiveSecurity. December 13, 2018. https://www.welivesecurity.com/2018/12/18/target-targeted-five-years-breach-shook-cybersecurity/.

[4] Abrams, Rachel. “Target to Pay $18.5 Million to 47 States in Security Breach Settlement.” The New York Times. May 23, 2017. https://www.nytimes.com/2017/05/23/business/target-security-breach-settlement.html.

[5] Weiner, Rachel. “Hacker Linked to Target Data Breach Gets 14 Years in Prison.” The Washington Post. September 21, 2018. https://www.washingtonpost.com/local/public-safety/hacker-linked-to-target-data-breach-gets-14-years-in-prison/2018/09/21/839fd6b0-bd17-11e8-b7d2-0773aa1e33da_story.html.

Devastating Data Breaches – Part 3: The Negligence of Equifax

Data breaches, in the traditional sense, have existed for centuries. Although we think of data breaches as a relatively new phenomenon due to the sheer prevalence of attacks we see today, data breaches have been causing headaches to businesses and consumers for a long, long time. Of course, before computers, a data breach meant the exposing of physical papers with confidential information on them. Before the Internet, the amount of damage that could be done was limited by the physical amount of data you could steal. After all, there’s only a finite amount of confidential papers a criminal can sneakily fit in a briefcase. Because of this, the amount of damage done by data breaches was limited.

However, once Internet usage became widespread, the potential damage of a data breach skyrocketed. Millions of consumer records could be stored digitally, ripe for the picking for any cybercriminal with enough knowledge and skill. Ultimately, the Internet ushered in the great data breach boom. And no case is more symbolic of this new trend than the Equifax data breach of 2017.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches.

Equifax’s Lax Security

Equifax, one of the three major credit bureaus in the United States, has held mountains of information on millions of Americans for decades. Of course, recording and analyzing this personal information is what a credit bureau does, and their existence is necessary in today’s world. However, because of the sheer amount of information that credit bureaus have, they also hold more responsibilities than most other businesses. Specifically, these businesses have increased responsibility for protecting data and preventing cybercrime. Unfortunately, Equifax reneged on this responsibility in 2017.

On March 7, 2017, Apache Struts, a software program that Equifax and thousands of other companies used, announced a security vulnerability in the software, and immediately sent an update to Equifax to patch the security hole [1]. For reasons unknown, the software was never updated by Equifax, creating a massive security vulnerability. Just a week later, Equifax ran a scan for unpatched systems, but the Apache Struts security hole was not flagged [1]. Ultimately, these two errors put Equifax’s data at massive risk, as the software’s security flaw was publicly known. Just a few days after Equifax’s initial error, the risk became realized.

The Breach

On March 10, 2017, the perpetrators first gained access to Equifax’s servers. However, the cybercriminals did not do much for the next few months, likely to evade detection by Equifax IT. However, by May, the hackers began their attack [2]. For the next two months, the hackers gained access to multiple Equifax databases, They then encrypted this data, and extracted it right under Equifax’s nose. Not long after, the perpetrators were in control of millions of Social Security numbers, birth dates, names, driver’s license numbers, and credit card numbers. After months of investigations, it was determined that the cybercriminals made away with the vital personal information of over 140 million people [3].

To make matters worse, Equifax could’ve had one last line of defense when the hackers were extracting the encrypted data. Most companies receive notifications when a large amount of encrypted data is exfiltrated. However, in another cybersecurity blunder by Equifax, the company failed to renew a vital security service that inspects encrypted data traffic [1]. Because of this, the hackers made away with the data with no detection.

The Response

In August 2017, Equifax became aware of the cybersecurity incident, but did not reveal the attack to the public until September [1]. While Equifax attempted to provide resources to those affected, even the company’s response to the attack was widely panned. For example, Equifax’s social media team directed affected consumers to incorrect web pages on multiple occasions [1]. Even worse, it was revealed that multiple Equifax executives sold USD $1.8 million in Equifax stock following the company’s discovery of the attack, but before it was publicly announced [4]. One executive, Equifax’s Chief Information Officer, was eventually convicted of insider trading related to the attack [5]. Simply put, Equifax’s response to the crisis was woefully inept, and the affected consumers were furious. Eventually, this frustration resulted in litigation.

In the following years, a class-action lawsuit was filed on behalf of the affected consumers, and Equifax’s penalty was steep. In July 2019, Equifax agreed to settle the case, paying USD $1.38 billion to resolve consumer complaints, and USD $380.5 million to those who were harmed by the breach [6]. While those numbers are large, the large number of victims meant that the maximum payout was only USD $125 [1]. Additionally, Equifax was required to provide free credit monitoring to all those affected by the breach.

For months, investigators waited for the stolen data to appear on the dark web to be sold to spammers and scammers. However, the stolen personal information never appeared. Ultimately, this led to the belief that state-sponsored actors were behind the attack. This meant the purpose of the attack was not to make money, but for espionage. For years, it was unknown who was behind the breach. However, in 2020, the United States Department of Justice abruptly charged four Chinese military members with the attack [1]. While the four potential perpetrators are unlikely to ever be extradited to stand trial, these charges at least provide a theory of who was behind this massive data breach.

Protect Your Data with AXEL Go

AXEL is committed to protecting your data from scammers, spammers, and cybercriminals. And the best way to fight against cyberattacks is to be prepared. That’s why AXEL Go, AXEL’s secure file-storage application, uses military-grade encryption and blockchain technology to safeguard your data. To try out AXEL Go’s unparalleled data security, sign up for a two-week free trial here

[1] Fruhlinger, Josh. “Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact?” CSO Online. February 12, 2020. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html.

[2] Riley, Michael, Jordan Robertson, and Anita Sharpe. “The Equifax Hack Has the Hallmarks of State-Sponsored Pros.” Bloomberg.com. September 29, 2017. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros.

[3] Leonhardt, Megan. “Equifax to Pay $700 Million for Massive Data Breach. Here’s What You Need to Know about Getting a Cut.” CNBC. July 23, 2019. https://www.cnbc.com/2019/07/22/what-you-need-to-know-equifax-data-breach-700-million-settlement.html.

[4] Hudson, Phil. “Equifax Gets Blasted for Cybersecurity Hack on Social Media.” Bizjournals.com. September 8, 2017. https://www.bizjournals.com/atlanta/news/2017/09/08/equifax-gets-blasted-for-cybersecurity-hack-on.html.

[5] Liptak, Andrew. “Former Equifax Executive Sentenced to Prison for Insider Trading Prior to Data Breach.” The Verge. June 29, 2019. https://www.theverge.com/2019/6/29/20056655/jun-ying-equifax-breach-jail-time-insider-trading-department-of-justice.

[6] Brumfield, Cynthia. “Equifax’s Data Breach Disaster: Will It Change Executive Attitudes toward Security?” CSO Online. July 24, 2019.  https://www.csoonline.com/article/3411139/equifax-s-billion-dollar-data-breach-disaster-will-it-change-executive-attitudes-toward-security.html.