Netia, the second largest telecom company in Poland, suffered a cyber-attack in which the company's network was breached and confidential personal data of its clients and users was leaked online (Waqas 2016). The incident took place on 7 July 2016, and the company's website was down for the rest of that day and night. The attack has been attributed to a Ukrainian hacker, who gained access to about 14 GB of client and user data.
Impact of Attack
The main victims of the attack are Netia's clients and users. Some of their most confidential information was leaked, including information related to their bank accounts (Adamowski 2016). The hacker posted multiple SQL files online containing database records such as IP Trade Doubler, IP Block Lead, device and product offers and Blue Media transactions. The attacker also posted an SQL file of around 342,000 lines containing home addresses, first and last names of clients and users, their email addresses, phone numbers, IP addresses and similar data. The data was last updated in 2014, which means that an estimated 95-98 percent of the stolen records are still valid (Adamowski 2016).
Researchers investigating the breach also found a stolen 9 GB file recording users' browser, user-agent string, session IDs and operating system. In total 14 GB of data was stolen, and the dump contained 615,627 unique email addresses, including 118,989 Gmail addresses, 150,440 from Wirtualna Polska (wp.pl), Poland's sixth largest web portal, and around 64,000 from O2.
Fig: List of Top Ten Email Domains Compromised
Although investigators found no file containing passwords for these email accounts, they did find the logger database that holds clients' session IDs. This makes identity theft straightforward: a session ID is a bearer credential, so an attacker who presents a stolen, still-valid ID to the website is authenticated as the original user without ever needing the password.
How was the attack carried out?
No definitive report has yet identified the flaw that let the attacker into the company's website, but there are several plausible explanations. One is SQL injection, a well-established attack to which websites remain vulnerable. The hacker publicly announced that he had warned the company beforehand but that it did not seem to care; he stated that he had told them they should run a bug bounty programme, but they did not (Russon 2016).
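To make the SQL injection hypothesis concrete, the following is an added example and not Netia's code: the table, the fictional rows and the function names are assumptions for illustration. It places a customer lookup that splices user input into the query beside the parameterised version, and shows the two payloads that turn the first one into a data dump: a tautology that returns every row, and a UNION that reads the schema catalogue, which is the first step before dumping whole tables as SQL files.

```python
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """In-memory table with a few constructed (fictional) customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, "
        "phone TEXT, address TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, phone, address) VALUES (?, ?, ?)",
        [
            ("anna@example.pl", "+48 500 000 001", "ul. Testowa 1, Warszawa"),
            ("bartek@example.pl", "+48 500 000 002", "ul. Testowa 2, Krakow"),
            ("celina@example.pl", "+48 500 000 003", "ul. Testowa 3, Gdansk"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Tuple]:
    """Deliberately vulnerable: the caller-supplied value becomes part of the
    SQL text, so quote characters in it change the statement."""
    query = f"SELECT email, phone, address FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[Tuple]:
    """Parameterised: the SQL is fixed and the value travels separately, so
    the same payload is just a (non-matching) email string."""
    query = "SELECT email, phone, address FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


# Constructed payloads. The first makes the WHERE clause always true; the
# second appends a UNION that reads the schema catalogue (sqlite_master here,
# information_schema on MySQL/PostgreSQL), the usual prelude to a full dump.
TAUTOLOGY = "' OR '1'='1"
SCHEMA_DUMP = "' UNION SELECT name, sql, '' FROM sqlite_master --"


def rows_for(conn: sqlite3.Connection, payload: str) -> Tuple[int, int]:
    """(rows from the vulnerable lookup, rows from the safe lookup)."""
    return len(lookup_vulnerable(conn, payload)), len(lookup_safe(conn, payload))


def tables_leaked(conn: sqlite3.Connection) -> List[str]:
    """Table names an attacker learns through the UNION payload."""
    return [row[0] for row in lookup_vulnerable(conn, SCHEMA_DUMP)]


if __name__ == "__main__":
    db = build_db()
    print("normal email:", rows_for(db, "anna@example.pl"))   # (1, 1)
    print("tautology:   ", rows_for(db, TAUTOLOGY))            # (3, 0)
    print("schema dump: ", tables_leaked(db))                  # ['customers']
```

The parameterised lookup returns nothing for either payload because the driver never lets the value alter the statement; the fix is the same on every database engine and is the control to check first when SQL dumps of a web application's tables appear online.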
Preventive Measures to stop further Attacks
The damage cannot be undone, but there are measures that could prevent a similar incident in future. After the attack on Netia's website, Tony Pepper, CEO of Egress Software Technologies, stated that the web forms through which users submit their information must be encrypted along with the rest of the data: such forms are normally submitted in plain text, sometimes carry a client's most confidential information, including bank details, and can therefore be the point at which that information is exposed (Russon 2016).
The other measures to prevent cyber-attacks are:
Stay updated: companies must follow the types of cyber threats currently being reported. Even basic knowledge of a threat makes it easier to prevent.
Restrict access: this covers everything from login credentials to the confidential information held on the network. Access rights must be granted only to those who actually need them and are trusted, and public-key cryptography (digital signatures) can be used to protect data integrity.
Tighten network security: sessions should be short-lived, and a user idle for more than 10 minutes should be logged out automatically. Enforce strong passwords; note that current guidance (NIST SP 800-63B) favours screening passwords against lists of known-breached values over forcing frequent changes.
Use TLS: data passing between the client and the website, and between the website and the company's database, must be carried over TLS (the successor to SSL) so that it is encrypted in transit.
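The session-ID theft described in the impact section and the session and password recommendations in the list above come together in the following added example, which is not Netia's code; the store, the client fingerprint and all names are assumptions. It implements a server-side session table that issues a fresh random ID on every login, logs a user out after 10 idle minutes, and binds each session to the client that created it, so an ID copied out of a logger database and replayed from another machine is refused and revoked. A small strength check for new passwords and an injectable clock (so the timeout can be exercised without waiting) are included.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT_SECONDS = 10 * 60   # auto-logout after 10 idle minutes, as recommended above


@dataclass
class Session:
    user: str
    client_fp: str    # fingerprint of the client that logged in, e.g. hash of IP + user agent
    last_seen: float


class SessionStore:
    """Server-side session table. Only the opaque ID ever leaves the server."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, client_fp: str) -> str:
        """Issue a fresh, unguessable ID on every login; never reuse or accept
        a client-chosen one (prevents fixation and keeps logged IDs short-lived)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, client_fp, self._clock())
        return sid

    def resolve(self, sid: str, client_fp: str) -> Optional[str]:
        """Map a presented ID to a user, or None. Expired or replayed
        sessions are destroyed, not merely rejected."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.last_seen > IDLE_TIMEOUT_SECONDS:
            del self._sessions[sid]           # idle too long: forced logout
            return None
        if not hmac.compare_digest(sess.client_fp.encode(), client_fp.encode()):
            del self._sessions[sid]           # ID presented from another client: revoke
            return None
        sess.last_seen = now                  # sliding idle window
        return sess.user

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def password_is_strong(pw: str, min_len: int = 12) -> bool:
    """Minimum length plus at least three character classes. A check against
    a breached-password list is the stronger control but needs that list."""
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= min_len and sum(classes) >= 3


class FakeClock:
    """Injectable clock so the timeout can be exercised without sleeping."""

    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> dict:
    clock = FakeClock()
    store = SessionStore(clock)
    sid = store.login("anna", client_fp="fp-anna-laptop")
    result = {"same_client": store.resolve(sid, "fp-anna-laptop")}
    # An ID copied from a logger database and replayed from elsewhere fails,
    # and the genuine session is torn down at the same time.
    result["replayed_elsewhere"] = store.resolve(sid, "fp-attacker")
    result["victim_after_replay"] = store.resolve(sid, "fp-anna-laptop")
    sid2 = store.login("anna", "fp-anna-laptop")
    clock.advance(IDLE_TIMEOUT_SECONDS + 1)
    result["after_idle_timeout"] = store.resolve(sid2, "fp-anna-laptop")
    result["weak_password"] = password_is_strong("netia2016")
    result["strong_password"] = password_is_strong("Correct-Horse-7-Battery")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Binding to a fingerprint is a heuristic (users on mobile networks change IP), so production systems usually bind to a cookie-scoped secret or require re-authentication for sensitive actions instead of hard revocation; the idle timeout and per-login ID regeneration are the parts that directly limit what a leaked ID is worth.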
Anthem medical data breach case 2015
Problem Statement
An American health insurance company, WellPoint Inc., known as Anthem Inc. since 2014, suffered a serious cyber-attack in the early months of 2015. Anthem disclosed the security breach on 4 February 2015 (Riley 2015), stating that criminals had stolen approximately 38 million records of personally identifiable information by hacking the company's systems and servers. On 24 February 2015 the estimate was revised upward to 78.8 million records. Investigators believe the attack was planned over several weeks and must have started around December 2014 (Mathews 2015).
Impact of attack
Current and former members of any health plan affiliated with Anthem since 2004 have been affected by the cyber-attack. Some members of Blue Cross and Blue Shield plans who received health services in an area served by Anthem may also have been affected (Riley 2015), and in a few cases non-Anthem and non-Blue Plan members may have been affected as well, where their employer offered Anthem or non-Anthem plan options. The attackers explored Anthem's database and stole names, birthdates, social security numbers, employment information, email addresses, home addresses and health care ID numbers, including income data; the individuals whose data was taken could face identity theft problems for the rest of their lives (Mathews 2015). Anthem believes that no bank or credit card information was stolen, and has found no evidence that medical information such as diagnostic codes, test results or claims was obtained or targeted (Mathews and Yadron 2015).
How was the attack carried out?
In January 2015 one of Anthem's database administrators noticed an unusually complex query running against the system. It was initially assumed to have been run by an employee, but within minutes it was traced to an external source and it became clear that the company was under attack (Mathews and Yadron 2015).
Investigators stated that the hackers probably tricked Anthem employees into clicking on a phishing email dressed up as an internal message. Once the link was clicked, the attackers obtained the credentials of an administrator and five other employees and used them to access Anthem's database. According to Bloomberg, the attacker operated from China.
It is not clear whether the employee who raised the alarm was one of the five whose credentials were used. The attackers may have exploited vulnerabilities in Adobe, Windows or Java software to obtain the credentials.
What could have been done to prevent the attack?
The breach must have happened in one of two ways: either an insider used their own account credentials to steal the information, or an external attacker phished employees for their credentials. In either case the intruders were already inside the walls, so firewalls and similar perimeter measures could not have stopped them (Terry 2015).
Anthem's data encryption practices were also debated. It was reported that Anthem's database was encrypted neither at rest nor 'on the wire'. Encryption at rest matters when an attacker breaks into a network and copies the database files: strongly encrypted data cannot be read without the keys. It does not help, however, when the data is taken through an insider's account or with valid stolen credentials, because employees must see the data in unencrypted form to do their jobs and the application decrypts it for them. Encryption alone is therefore not the solution to this problem.
Two measures could have reduced the damage, or possibly prevented any loss at all:
- Context-aware access control: the system checks every authentication attempt for where it comes from, what platform is being used, the date and time, and similar attributes. This helps stop an outsider logging in to the company's network even with valid credentials obtained through phishing (Whitney 2015).
- Behavioural analysis: tracking each employee's activity on the network and comparing it with their own history and with the activity of other employees in the same role. This can be automated as part of real-time security intelligence, which raises a flag or temporarily suspends the employee's access when it observes suspicious activity (Abelson and Creswell 2015).
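Both measures in the list above are shown in the following added example, which is not Anthem's code; the login and query events are constructed sample data and every name and threshold is an assumption. A login attempt is scored against the account's own previous logins (source network, platform, hour of day), so a phished password from a new network, a new platform and at 2 a.m. is denied while one unfamiliar signal only demands a second factor. Separately, each user's daily query volume is compared with their own baseline and with the median of peers in the same role, which is the check that would have flagged the unusually large query the administrator noticed by chance.

```python
import ipaddress
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Login:
    user: str
    src_ip: str
    platform: str   # e.g. "Windows/Chrome", derived from the user agent
    hour: int       # local hour of day, 0-23


def login_risk(history: List[Login], attempt: Login) -> List[str]:
    """Context signals that separate this attempt from the account's own
    past logins. An empty list means it looks like the usual user."""
    mine = [h for h in history if h.user == attempt.user]
    if not mine:
        return ["no login history for account"]
    reasons = []
    known_nets = {ipaddress.ip_network(f"{h.src_ip}/24", strict=False) for h in mine}
    if not any(ipaddress.ip_address(attempt.src_ip) in net for net in known_nets):
        reasons.append("new source network")
    if attempt.platform not in {h.platform for h in mine}:
        reasons.append("new platform")
    if not any(abs(attempt.hour - h.hour) <= 1 for h in mine):
        reasons.append("outside usual hours")
    return reasons


def decide(reasons: List[str]) -> str:
    """A valid password is necessary but not sufficient: one unfamiliar
    signal demands a second factor, two or more block the login."""
    if not reasons:
        return "allow"
    return "step-up" if len(reasons) == 1 else "deny"


@dataclass
class QueryEvent:
    user: str
    role: str
    day: str
    rows_returned: int


def activity_anomalies(events: List[QueryEvent], today: str,
                       z_threshold: float = 3.0,
                       peer_factor: float = 5.0) -> Dict[str, List[str]]:
    """Flag users whose row volume today is far above their own history
    (z-score) or far above the median of peers in the same role today."""
    per_user: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    role_of: Dict[str, str] = {}
    for e in events:
        per_user[e.user][e.day] += e.rows_returned
        role_of[e.user] = e.role
    flags: Dict[str, List[str]] = {}
    for user, days in per_user.items():
        todays = days.get(today, 0)
        past = [v for d, v in days.items() if d != today]
        reasons = []
        if len(past) >= 2:
            mu = statistics.mean(past)
            sd = max(statistics.pstdev(past), 1.0)   # floor avoids divide-by-zero on flat history
            if (todays - mu) / sd > z_threshold:
                reasons.append(f"{todays} rows vs own baseline {mu:.0f}")
        peers = [per_user[u].get(today, 0) for u in per_user
                 if u != user and role_of[u] == role_of[user]]
        if peers and todays > peer_factor * statistics.median(peers):
            reasons.append(f"{todays} rows vs peer median {statistics.median(peers):.0f}")
        if reasons:
            flags[user] = reasons
    return flags


# Constructed sample data: three days of normal activity, then a day on which
# an administrator account pulls an entire table.
SAMPLE_LOGINS = [
    Login("admin5", "10.20.30.5", "Windows/Chrome", 9),
    Login("admin5", "10.20.30.7", "Windows/Chrome", 14),
    Login("admin5", "10.20.30.5", "Windows/Chrome", 10),
    Login("claims1", "10.20.31.9", "macOS/Safari", 8),
]
SAMPLE_QUERIES = (
    [QueryEvent("admin5", "dba", d, n)
     for d, n in [("d1", 100), ("d2", 120), ("d3", 110), ("d4", 5_000_000)]]
    + [QueryEvent("dba2", "dba", d, n)
       for d, n in [("d1", 150), ("d2", 130), ("d3", 160), ("d4", 140)]]
    + [QueryEvent("claims1", "claims", d, n)
       for d, n in [("d1", 800), ("d2", 900), ("d3", 850), ("d4", 900)]]
)


if __name__ == "__main__":
    phished = Login("admin5", "203.0.113.77", "Linux/Firefox", 2)
    print(login_risk(SAMPLE_LOGINS, phished), decide(login_risk(SAMPLE_LOGINS, phished)))
    print(activity_anomalies(SAMPLE_QUERIES, today="d4"))
```

The thresholds are deliberately simple; a real deployment would use a longer baseline, weight the signals, and feed the "deny" and flagged cases to the security operations team rather than acting silently, but the structure is the same: the password alone never decides, and the volume of data an account touches is measured against what that account and its peers normally do.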
Awareness also plays a major role in preventing these frauds. Employees must be aware of cyber threats and remain alert to incidents related to cyber fraud (Weise 2015). They should also know about the scam email campaigns that target individuals at their personal mail addresses. Such emails are designed to harvest an employee's private information and are crafted to look as if they come from the company itself, with links such as "Click here" that capture credentials. Employees should not reply to or click on such mails, nor try to contact the sender. If a link has been clicked, no information should be entered on the page it leads to, and no attachments that came with the email should be opened (Abelson and Goldstein 2015).
Companies must also assure all their members that they will never telephone them to ask for personal information such as credit card details.
Riley, C. (2015). "Insurance giant Anthem hit by massive data breach". Retrieved 23 August 2015.
Mathews, A. (2015). "Anthem: Hacked Database Included 78.8 Million People". Retrieved 24 August 2015.
Abelson, R. and Goldstein, M. (2015). "Anthem Hacking Points to Security Vulnerability of Health Care Industry". The New York Times.
Weise, E. (2015). "Massive breach at health care company Anthem Inc.". USA Today. McLean, VA: Gannett. ISSN 0734-7456.
Whitney, L. (2015). "Anthem's stolen customer data not encrypted". CNET. Retrieved 23 August 2015.
Mathews, A. and Yadron, D. (2015). "Health Insurer Anthem Hit by Hackers". The Wall Street Journal. Retrieved 23 August 2015.
Abelson, R. and Creswell, J. (2015). "Data Breach at Anthem May Forecast a Trend". The New York Times. New York: NYTC. ISSN 0362-4331.
Terry, N. (2015). "Time for a Healthcare Data Breach Review". Bill of Health, Center for Health Law Policy at Harvard Law School. Retrieved 23 August 2015.
Waqas, H. (2016). "Ukrainian Hacker Hacks Polish Telecom Giant Netia; Leaks Massive Data". Retrieved 23 August 2016.
Adamowski, J. (2016). "Polish telecom suffers major data breach following hack". SC Magazine. Retrieved 23 August 2016.
Russon, M. (2016). "Polish telco operator Netia suffers massive data breach, exposing 300,000 customer credentials". International Business Times. Retrieved 23 August 2016.
Muncaster, P. (2016). "Polish Telco Netia Suffers Major Breach". Infosecurity Magazine. Retrieved 23 August 2016.