Fortinet Database Security Software is a cost-effective, automated solution for improving data security within enterprises by eliminating vulnerabilities in passwords, access privileges, configuration settings, and more. This centralized web-based application ensures consistent database security policies across the organization.
It has built-in expert knowledge of database, application security and compliance requirements. It provides businesses with an efficient foundation for compliance and security programs.
The table below lists some notable publicly disclosed database breaches.
| Name | Number of Records | Type of Breach |
|---|---|---|
| University of California San Diego Moores Cancer Center | 30000 |
30,000 patient personal information on a database server were accessed by a hacker. The information includes patients' names, birth dates and diagnosis and treatment dates Source:www.mercurynews.com |
| LexisNexis | 13000 |
An organized-crime family may have gained access to some of the sensitive consumer databases. The personal information of more than 13,000 consumers might have been compromised. Source:www.pcworld.com |
| AT&T | 2100 |
A temporary employee for AT&T stole personal information on 2,100 co-workers. The information includes social security numbers, and birth dates. Source:www.chicagobreakingnews.com |
| Alberta Health Services Edmonton | 11582 |
Personal health information of 11,582 was compromised by a computer virus on the network. Source:www.cbc.ca |
| American Express (Technologies) | N/A |
DBA stole thousands of American Express card numbers, created bogus cards, and swindled more than a million dollars from customers. Source:www.kpho.com |
| Sutter Health | 6000 |
The names and SSNs of 6,000 Sutter Health employees stored on a laptop got compromised. Source:www.news10.net |
| University of Alberta Hospital | 250000 |
Two laptops containing 250,000 patients private information were stolen. Source:www.edmontonjournal.com |
| Florida Department of Revenue | 2828 |
The personal information including name, address, and SSN of 2,828 people was compromised via a stolen flash. Source:www.gainesville.com |
| Beam Global Spirits & Wine Inc | N/A |
Unauthorized database access by a former employee exposes names, addresses, and social security numbers of past and present employees Source:doj.nh.gov |
| JFY Networks | N/A |
Unauthorized access by a hacker through a website exposes names, mailing addresses, email addresses, phone numbers, and social security numbers of the the job training and education program applicants Source:doj.nh.gov |
| Virginia Department of Health Professions | 531400 |
A prescription drug database was hacked on April 30th. About 531,400 people's social security numbers may have been compromised. Source:hamptonroads.com |
| Aetna Inc. | 65000 |
65,000 former and current employees names, security numbers, and contact information got exposed to the website. Source:www.wtop.com |
| Indiana Department of Workforce Development | 4500 |
Accidental disclosure of 4,500 people's Social Security number to the incorrect employers. About 1,200 companies received incorrect statements. Source:www.thetimesonline.com |
| New Jersey Department of Labor and Workforce Development | 28000 |
Due to a clerical error possibly sending their Social Security numbers to employers whom they did not work for, 28,000 people's personal information may have been compromised Source:www.nj.com |
| University of California Berkeley | 160000 |
160,000 Social Security numbers and other identification had been hacked from restricted university health services databases. of which 97,000 had their Social Security numbers illegally accessed Source:www.berkeleydailyplanet.com |
| Kapiolani Community College | 15487 |
The personal information including names, addresses, phone numbers, dates of birth and social security numbers of 15,487 students was exposed through a computer infected with malware that can steal sensitive data. Source:www.kitv.com |
| LexisNexis | 32000 |
A breach of database resulted in 32,000 people's personal information including names, birth dates, and socail security numbers accessed by unauthorized individuals. The 300 people had personal information used fraudulently Source:www.siliconvalley.com |
| Fox Entertainment Group | N/A |
The personal information of unknown number of employees, including names, social security number, compensation information was accessed by an unauthorized employee. Source:www.techcrunch.com |
| Policy Studies, Inc | 1600 |
A former contractor stole 1,600 names, social security numbers, bank accounts from a database filled with personal identification information. Source:www.tennessean.com |
| Massey University | 200 |
The personal information of 200 students, including ID numbers, names, dates of birth, IRD numbers, transcripts, and contact addresses and phone numbers, was exposed on the intranet Source:www.odt.co.nz |
| Central Ohio Transit Authority | 900 |
The names and security numbers of more than 900 current and former COTA employees were sent to 51 companies proposing to bid on providing long term disability insurance to COTA Source:www.dispatch.com |
| Shell Oil | 5900 |
The hackers obtained 5900 customer information contained in online application forms for Shell Fuel Card, including names, address details, email addresses, and bank account details. Source:www.nzherald.co.nz |
| Pentel of America Ltd | 2076 |
Between 12/11/2008 and 1/20/2009, hacker(s) gained unauthorized access to the online database and accessed certain customer data, including name, billing address, email address, billing phone number, credit card number, expiration date and CV2 credit card security code. Source:doj.nh.gov |
| Coleman for Senate | 4716 |
A database of donors' information exposed from a publically accessible and unprotected directory. Source:minnesotaindependent.com |
| University of Florida | 97200 |
An outside hacker gained access to a school computer system containing the personal information with social security numbers for more than 97,200 students, faculty and staff Source:www.gainesville.com |
| Johns Hopkins Hospital | N/A |
An employee stole patients' information to create fake credit card accounts for goods and loans Source:www.citypaper.com |
| University of Alabama | 37000 |
Hackers tapped 17 out of 400 databases containing personal information including names, addresses, birthdates, and security numbers Source:www.abc3340.com |
| Pepsi Bottling Group | 1398 |
A portable data storage device, which contained personal information, including the names and Social Security numbers of employees in the US is missing. Source:www.oag.state.md.us |
| Merrill Lynch | N/A |
A third-party consulting services firm working on behalf of Merrill Lynch reported, one of their employees was burglarized. The burglars took various items, including a computer, which had the names and Social Security numbers of current and former Financial Advisors and some applicants for employment who are residents of the state of New Hampshire. Source:doj.nh.gov |
| New Hampshire's Lakes Region General Hospital | 1500 |
Missing package contains personal information of 1500 patients. UPS recently shipped the parcel from a Woburn, Mass. central processing agent to the hospital, but the package never arrived. Information contained in the package includes patient names, possible Social Security numbers, dates of service and diagnosis code numbers for different diagnosis or medical procedures. Source:www.unionleader.com |
| Ohio State University | 18000 |
Ohio State University has notified 18,000 current and former students that their personel information was erroneously posted on an internet server. The information included student names, addresses, Social security numbers and coverage dates for those who enrolled in the health insurance from autumn 2005 through summer 2006. Source:www.studentlife.osu.edu |
| FEMA | 16857 |
An unauthorized breach of Katrina evacuees' private information. The information posted on two privately owned websites contained a spreadsheet with 16,857 lines of data that included applicant names, social security numbers, addresses, telephone numbers, email addresses and other disaster information regarding disaster applicants from Hurricane Katrina who had evacuated to Texas Source:www.fema.gov |
Database Security Updates
2.025 ( Released: Dec 28, 2011 16:53:20 )
Enhanced ( 6 )- DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed (Critical)
- MSSQL - DVA MSSQL 01.09 Latest MSSQL Service Pack not Applied (Critical)
- MSSQL - DVA MSSQL 01.90 Latest MSSQL Hotfix not Applied (Major)
- Oracle - DVA ORCL 01.31 Restrict UTL_FILE_DIR (Critical)
- Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 (Critical)
- Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 (Critical)
2.024 ( Released: Aug 31, 2011 10:00:00 )
Enhanced ( 5 )- MSSQL - DVA MSSQL 01.09 Latest MSSQL Service Pack not Applied (Critical)
- MSSQL - DVA MSSQL 01.90 Latest MSSQL Hotfix not Applied (Major)
- Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 (Critical)
- Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 (Critical)
- Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase (Critical)
2.023 ( Released: Jun 30, 2011 00:00:00 )
Enhanced ( 7 )- DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpack not installed (Critical)
- MSSQL - DVA MSSQL 01.90 Latest MSSQL Hotfix not Applied (Major)
- Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 (Critical)
- Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 (Critical)
- Oracle - DVA ORCL 05.49 Buffer overflow in DBMS_AQELM packet (Critical)
- Oracle - DVA ORCL 05.50 SQL Injection in SYS.DBMS_DEFER_SYS elevates user privileges (Major)
- Oracle - DVA ORCL 06.20 Oracle Component Accounts (Minor)
