Company’s network breached for 10 years

It can sometimes be difficult to detect a data breach, which often allows hackers to continue stealing sensitive information. But here’s an example of a single breach that lasted nearly a decade. 

Telecommunications firm Nortel Networks was the victim of an attack that began as far back as 2000. Over the next several years, hackers continued to steal technical papers, research-and-development reports, business plans and other documents, the Wall Street Journal reports.

The breach wasn’t discovered until 2004, and even after that, little was done to prevent continued damage, according to former Nortel employees. In 2009, the company filed for bankruptcy and began selling off its business divisions.

What was behind the 10-year security incident? While there are a number of factors to blame for the severity of the breach, it all began with poor password management.

The incident began after hackers stole passwords from seven executives, including the company’s CEO — and the stolen passwords weren’t changed until the breach was discovered four years later. And even after that, the hackers had more than enough time to install sophisticated spyware to keep the breach going.

The bottom line: As this story shows, even a single stolen password can do a lot of damage. Therefore, experts recommend IT:

  1. Require passwords protecting sensitive information to be changed regularly
  2. Focus on securing browsers, which can be used to steal passwords, and
  3. Warn users not to use the same password for business access as they do with personal accounts.