skip to main content
Travelers Logo
  • About
  • Careers
  • Agents
  • Investors
  • Sustainability
  • Contact Us

Register now
Problems logging in?
  • For Individuals
    • Overview
    • Products
      • Car
      • Home
      • Renters
      • Condo
      • Landlord
      • Boat & Yacht
      • Travel
      • Pet
      • Weddings
      • Umbrella
      • All Products
    • Prepare & Prevent
      • Insurance 101
      • Home Central
      • Travelers Garage
      • Managing Through COVID-19
    • Affinity Group Discount
    • Online Service
    • Pay Your Bill
      • Get a Quote
      • Find an Agent
      • Report a Claim
      • Pay Your Bill
  • For Business
    • Overview
    • Products & Solutions
      • Overview
      • Boiler & Machinery
      • Commercial Auto & Trucking
      • Cyber
      • Environmental Liability
      • Excess Casualty & Umbrella
      • General Liability
      • Global Insurance
      • Inland Marine
      • Management & Professional Liability
      • National Programs
      • Ocean Marine
      • Property
      • Small Business Owner's Policy
      • Surety Bonds
      • Workers Compensation
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
    • Industries
      • Overview
      • Agribusiness
      • Architects, Engineers & Surveyors
      • Auto & Truck Dealers
      • Business & Professional Services
      • Construction
      • Education
      • Energy & Renewable
      • Equipment Dealers
      • Financial Institutions
      • Food Services
      • Health & Related Services
      • Hospitality & Recreation
      • Manufacturing
      • Marine Industries
      • Museums & Fine Art
      • Non-Profit
      • Oil & Gas
      • Public Entities
      • Real Estate
      • Retail
      • Technology
      • Transportation
      • Wholesale & Distribution
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
    • Services
      • Overview
      • Risk Control
      • Claim
      • Premium Audit
      • Online Customer Tools
      • Risk Management Information Services
      • Travelers Client Advantage
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
    • Small Business
      • Overview
      • Automobile Insurance
      • Business Owner's Policy
      • Data Breach
      • Employment Practices Liability
      • Professional Insurance
      • Umbrella Insurance
      • Workers Compensation Inurance
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
    • Large Business
      • Overview
      • Casualty
      • Cyber
      • Management & Professional Liability
      • Property
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
    • Multinational Business
    • Prepare & Prevent
      • By Topic
      • By Industry
      • Navigating Your Business Through COVID-19
        • Find an Agent
        • Report a Claim
        • Pay Your Bill
      • Find an Agent
      • Report a Claim
      • Pay Your Bill
  • Claim Center
    • Claim Center
    • Should I File a Claim?
    • Report a Claim
    • Roadside Assistance
    • Find a Service Provider
    • Check Your Claim Status
    • Manage Your Claim Experience
      • Claim Reporting Next Steps
      • Claim Guide Library
      • Workers Compensation Resources
    • Claim Capabilities
      • Get a Quote
      • Find an Agent
      • Report a Claim
      • Pay Your Bill
  • Prepare & Prevent
    • For Individuals
    • Home Central
      • Buying & Selling
      • Home Maintenance
      • Home Renovation
      • Home Safety
      • Moving
      • Smart Home
    • Travelers Garage
      • Buying & Selling
      • Car Maintenance
      • Distracted Driving
      • Safe Driving
      • Teen Driving
      • Boating
    • Insurance 101
    • Weather
    • For Business
    • Industries
      • Construction
      • Manufacturing
      • Nonprofit
      • Small Business
      • Technology
    • Topics
      • Business Continuity
      • Cyber
      • Driver and Fleet Safety
      • Facilities Management
      • Internet of Things
      • Product and Services Liability
      • Supply Chain Management
      • Workplace Safety
    • Travelers Risk Index
      • Get a Quote
      • Find an Agent
      • Report a Claim
      • Pay Your Bill
  • About Travelers
    • Overview
      • Awards & Recognition
      • Careers
      • Community
      • Diversity & Inclusion
      • Sustainability
      • History
      • Investors
      • Media Resources
      • News
      • Travelers Championship
      • Travelers Institute
      • Get a Quote
      • Find an Agent
      • Report a Claim
      • Pay Your Bill
    • Get a Quote
    • Find an Agent
    • Report a Claim
    • Pay Your Bill
Main Navigation
  • For Individuals
      • Insurance for Individuals
      • Products
        • Car
        • Home
        • Renters
        • Condo
        • Landlord
        • Boat & Yacht
        • Travel
        • Pet
        • Weddings & Events
        • Umbrella
        • More
      • Prepare & Prevent
        • Insurance 101
        • Home Central
        • Travelers Garage
      • Affinity Group Discount
      • Online Service
      • Pay Your Bill
    • Get a home quote now

      It's easy to get a free quote for home insurance from Travelers in just a few minutes.

       

      Get a home quote now
  • For Business
      • Products & Solutions
        • Commercial Auto & Trucking
        • Cyber
        • General Liability
        • Management & Professional Liability
        • Property
        • Small Business Owner's Policy
        • Surety Bonds
        • Workers Compensation
        • More
      • Industries
        • Construction
        • Energy & Renewable
        • Financial Institutions
        • Healthcare
        • Manufacturing
        • Real Estate
        • Technology
        • Transportation
        • More
      • Prepare & Prevent
      • Services
        • Risk Control
        • Claim
        • Premium Audit
        • More
      • Pay Your Bill
      • Small Business
      • Large Business
      • Multinational Business
      • For Business Overview
    • Tips for Managing Risks Related to a Remote Workforce

      Tips for Managing Risks Related to a Remote Workforce

      With the current reality of more employees working from home through the pandemic, is your business ready for all the implications?

      Learn more
  • Claim Center
      • Claim Center
      • Should I File a Claim?
      • Report a Claim
      • Roadside Assistance
      • Find a Service Provider
      • Check Your Claim Status
      • Manage Your Claim Experience
        • Claim Reporting Next Steps
        • Claim Guide Library
        • Workers Compensation Resources
      • Claim Capabilities
    • Send us your receipts, photos, invoices and more with just a push of a button.

      Securely share information with your Claim team.

      Send us your receipts, photos, invoices and more with just a push of a button.

      Upload a File
  • Prepare & Prevent
      • For Individuals
      • Home Central
        • Buying & Selling
        • Home Maintenance
        • Home Renovation
        • Home Safety
        • Moving
        • Smart Home
      • Travelers Garage
        • Buying & Selling
        • Car Maintenance
        • Distracted Driving
        • Safe Driving
        • Teen Driving
        • Boating
      • Insurance 101
      • Weather
      • For Business
      • Industries
        • Construction
        • Energy
        • Manufacturing
        • Nonprofit
        • Small Business
        • Technology
      • Topics
        • Business Continuity
        • Cyber
        • Driver and Fleet Safety
        • Facilities Management
        • Internet of Things
        • Product and Services Liability
        • Supply Chain Management
        • Workplace Safety
      • Travelers Risk Index
    • Managing Through COVID-19

      Managing Through COVID-19

      Resources to help you adapt to the realities of COVID-19.

      Learn more
  • Home
  • Prepare & Prevent
  • Business
  • Cyber
  • How Does a Data Breach Happen

How Does a Data Breach Happen?

By Travelers Risk Control
Person looking into how a data breach happened Person looking into how a data breach happened

To show how quickly a cyber criminal can hack into a database, Travelers’ Cyber Fraud investigative team developed a mock business website built on a common open source platform with a common weakness, or vulnerability, that would make it a prime target for cyber criminals. At a recent event, the team demonstrated how it is possible to hack into the site, download sensitive data and deface the homepage of the site in a matter of minutes.

For the demonstration, Travelers’ Cyber Fraud professional Kurt Oestreicher was able to input a command into the user name and password field, which allowed him to gain administrative access to the website, download the credit card application file and replace the homepage image with a demand for $1 million.

With the advent of hacking kits, including penetration testing tool kits designed to be used to defend a network, hackers are able to quickly identify weaknesses that they can exploit. Understanding those vulnerabilities and how to defend against them can help companies protect their data from thieves who are in search of valuable personal data.

“Computer attacks are not magic,” explains Chris Hauser, a Travelers Cyber Fraud professional and former FBI agent responsible for cyber investigations. “They are a series of discrete attacks taking advantage of certain vulnerabilities.”

An SQL Injection Attack

The Astonishing Furniture mock website, built using the free, open source software program Drupal, features an online application for a store credit card. Here, consumers would enter sensitive information, including their social security number, date of birth and income, which would be stored in a database that is vulnerable to an SQL injection attack.

An SQL injection attack exploits vulnerability in the software where the user inputs data. What the vulnerability in Drupal allowed is for the hacker to enter code in the user name and password field. From there, the hacker could assign an administrative user name and password and execute commands on the server, including downloading sensitive data.

“If we think of Astonishing Furniture as an example of a typical commercial entity, our data shows us they probably do not have a plan in the event of an attack,” says Travelers Cyber Lead Tim Francis, who says that small and mid-sized companies often are the least prepared. “They lack some of the resources and the expertise to adequately prevent against these attacks from occurring in the first place and when these attacks do occur, they are often the least likely to be able to respond.”

A Preventable Problem

"SQL injections are a very common attack mode,” says Hauser, who explains that the attack allows hackers to enter malicious code into a data entry field. “It is considered low-hanging fruit and it is one of the most preventable forms of computer hacking.”

The open source software had identified this vulnerability and issued a “patch” to remedy it, but not all businesses practice timely patch management. As the 2015 Verizon Data Breach Investigation Report found, 10 common vulnerabilities and exposures, or CVEs, accounted for 97% of exploits in 2014. The report also found that 99% of exploited vulnerabilities were compromised more than a year after the CVE became publicly known.

Poor vendor management is in part to blame for failing to catch this preventable hack, according to Mark Greisiger of NetDiligence, which provides data breach crisis services. “Very often, clients are outsourcing their computing to third-party contractors, vendors and clouds, and those entities are having mishaps,” says Greisinger. “These third-party entities are in the care, custody and control of policyholders’ data. Doing due diligence on vendors is becoming more critical in the coming years.”

Managing Vulnerabilities

Implementing a vulnerability management program can help companies systematically defend against known vulnerabilities, rather than respond to one-off threats. Francis also points to employee training and performing a tabletop exercise, in which companies plan out their response to an attack. A breach coach can be an essential part of managing a data event, says Francis, acting as first responders, along with the claims professionals of the carrier, to help the company triage the event.

Cyber insurance can also help companies before an event takes place by helping supply the companies with risk management tools and advice, and access to a breach coach, forensics consultants and other professionals in the data security community who can help with their information security.

Learn More About Cyber Insurance Options

More Prepare & Prevent

Cyber test

Cyber Risk Pressure Test [Tool]

What could your company be doing to better manage cyber risk? Take our four-part questionnaire to find out.

System protected from cyber extortion

11 Steps to Help Protect Your Business from Cyber Extortion

Extortion as a result of a cyber attack is becoming more and more common for all business types and sizes.

Digital forensic detective investigating a data breach in a server room

How Digital Forensics Detectives Investigate a Data Breach

Digital forensic detectives help businesses with data breach investigations to properly collect evidence and help prevent further damage.

Top Stories
Cover of Cybersecurity Guide PDF

Are You Prepared for Cyber Risks?

A detailed cybersecurity guide for small and medium-sized businesses.

  • Download the cyber guide

Related Content

  • What Is a Data Breach Coach and How Do I Get One?
  • Cyber Security Training for Employees
  • Cyber Terms 101

Find an Agent

Need an Agent?

Get the personal service and attention that an agent provides.

Find a local agent in your area:


cyber lock

Get Prepared with Cyber Insurance

Travelers can help with cyber insurance solutions for your business.

  • Learn more

See All Cyber Content


Travelers logo

Travelers and The Travelers Umbrella are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries.
© 2021 The Travelers Indemnity Company. All rights reserved.

  • Travelers on Facebook
  • Travelers on YouTube
  • Travelers on Twitter
  • Travelers on LinkedIn
  • Travelers on Instagram

Products & Services

  • For Individuals
  • For Businesses
  • Claim Services
  • Prepare & Prevent

Our Company

  • About Travelers
  • Careers
  • Investors
  • Sustainability

Connect

  • Customer Support
  • MyTravelers®
  • For Agents
  • Find an Agent

Legal & Compliance

  • Terms of Service
  • Privacy & Security
  • Accessibility
  • Producer Compensation Disclosure