Top 10 biggest security scandals, from McKinnon to Sony

Information security risk represents one of the biggest challenges to today's IT manager, with malware threats set to continue growing exponentially. But which threats have caused the most alarm among the public? V3 has taken a look back at some of its biggest IT security stories for this week's Top 10 to coincide with the departure of V3's news editor Phil Muncaster, who has closely covered the security beat since 2005. Because of this we have focused the piece on the past seven years.

10. The Kaminsky Bug

The big security news of 2008 was US researcher Dan Kaminsky's discovery of a serious vulnerability in the Domain Name System (DNS). The vulnerability would allow malicious attackers to redirect network users to their choice of alternative servers. This prompted a mad rush by a large number of security vendors to patch DNS servers worldwide and ultimately led to the creation of the DNSSec protocol.

9. Sony hack

The year 2011 was truly an annus horribilis for Japanese electronics giant Sony. Compounding a long-term slump that set in during the 1990s, the firm fell victim to what was described as the largest data theft ever when hackers compromised its systems and got away with the details of more than 70 million account holders. Although Sony accused online hacktivist group Anonymous of being behind the attack, the perpetrators have never been caught. Sony was widely criticised, however, for the sluggish way in which it responded to the incident, keeping customers in the dark for days before admitting what had happened.

Subsequent attacks on various web properties rounded off the misery for the firm, which made itself a target for the hacking community with its pursuit of illegal file sharers and the lawsuit it filed against PS3 hacker George ‘Geohot' Hotz. Company boss Sir Howard Stringer is tipped to be on his way out after the firm finished the year with net losses topping $3bn.

8. HM Revenue & Customs

On 18 October 2007, a junior staff member at HM Revenue & Customs (HMRC) sent two computer discs containing data relating to 25 million child benefit claimants to the National Audit Office as unrecorded mail via courier TNT. The discs subsequently went missing.

The personal data on the missing discs was reported to include names, addresses and dates of birth of children, together with the National Insurance numbers and bank details of their parents. The loss sent the media and the public into a frenzy, with understandable outrage that the discs had not been encrypted.