Mainframe Security | Past Data Breaches
and Current Threats to z/OS® Mainframes

z/OS mainframe security is of utmost importance; it cannot be overlooked or underestimated. Articles describing security lapses are made available to help combat these serious issues., and this page in specific, provides a central cache of useful mainframe security problem points and breaches for z/OS programmers, administrators, security officers and decision makers.
Beyond being aware and knowledgeable, it’s incredibly important to utilize mainframe security solutions to help secure the mainframe.

Use the menu above to browse through our summaries of articles related to access, compliance, mainframe network security and encryption, all heavily focused on z/OS mainframe security, along with our list of z/OS security presentations.

The following Gartner Research Note and the articles below indicate why we provide this site—

Because z/OS Mainframe Security is Under Constant Threat.


“The IBM z/OS mainframe continues to be an important platform for many enterprises, hosting about 90% of their mission critical applications. Enterprises may not take the same steps to address configuration errors and poor identity and entitlements administration on the mainframe as they do on other OS’s. Thus, the incidence of high-risk vulnerabilities is astonishingly high, and enterprises often lack formal programs to identify and remediate these.”
-Gartner Research Note (G00172909)


Information Security Is a War

Feb. 2015, Patrick Botz – IBM Systems Magazine

No one would argue against the absolute importance of mainframe security; keeping the mainframe secure isn’t an option, it’s a must. There seems to be a major disconnect between the need for mainframe security and how it gets accomplished compared to other departments of an organization. Mr. Botz writes, “I was recently asked my opinion on the biggest security-related issue facing IT today. My answer? Management is not performing their rightful roles in the security management process. What happens today in most companies is the equivalent of army generals giving soldiers a few weapons and then telling them to figure out which battles to fight.”


Pirate Bay Co-Founder Found Guilty of Hacking Crimes in ‘Historic’ Case

30 Oct. 2014, Madeline Grant – Newsweek

Co-founder of Pirate Bay and prominent hacker, Gottfrid Svartholm Warg, “was found guilty by a Copenhagen court of stealing data from the systems of CSC, a major American IT firm that holds Danish public records.” He hacked into the CSC mainframe in 2012 and stole hundreds of thousands of Danish social security numbers along with other important personal information stored in the mainframe. This case highlights the importance of having a succinct mainframe security plan. Utilizing a solution that could thwart such an attack should be part of every organization’s arsenal.


System z IS NOT Secure: But It Is Securable

10 Apr. 2014, Barry Schrager – Enterprise Systems Media

The mainframe is vulnerable and must be protected in a number of ways for it to ever be considered “secure.” This article provides an excellent summary of several different ways the mainframe is susceptible and to whom. One example is, “Another vulnerability highlighted by Phil Young was the exposure of the RACF database or one of its backup copies. For example, it is easy to determine the name of the RACF primary and backup databases using the RVARY LIST command—it just displays it. If these databases are not properly protected, then the stored passwords are easily obtained.”

There’s much more to mainframe security than finding the holes and filling them with putty. Even with a secure environment, things can potentially happen; some form of monitoring software should be considered to guard against intruders, from the outside and within.


Ovum research reveals growing risk of data breach from insider threats

03 April 2014, Chloe Green – Information Age

This article contains information from Vormetric, enterprise data security specialists, and its 2014 European ‘Insider Threat’ survey. Perhaps not all that surprising, only 9% of businesses feel safe from insider threats and 42% believe their ‘privileged users’ pose the biggest risk. The statistics provided here really lend credence to the idea of looking for threats both inside and outside of an organization.

“Insider threats are no longer only traditional insiders with legitimate access rights who abuse their positions to steal data for personal gain. Privileged users who maintain systems and networks are now an additional concern, as their roles typically require access to all data accessible from systems to perform their work.” An insider likely has intimate knowledge of the system and security along with unfettered access, which makes it more difficult to identify the malicious behavior and stop it. However, monitoring and fraud detection software will help mitigate these insider risks.


Big Data: Big Security Risk?

23 Sep. 2013, Andy Thurai – Enterprise Executive

Provided in this concise article are security tips that should be followed to secure Big Data. Using existing steps that worked for legacy systems in a legacy security model may end up being more trouble than anything. These security tips should get your organization on a better path to mainframe security and secure Big Data. Mr. Thurai finishes by stating, “Extending the existing security models to fit Big Data may not solve the problem; in fact, it might introduce additional performance issues. A solid security framework needs to be thought out before organizations can adopt enterprise-grade Big Data.”


The Pirate Bay co-founder charged for hacking and stealing money

17 Apr. 2013, Mohit Kumar – The Hacker News

Gottfrid Svartholm Warg, AKA Anakata, is “charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank,” this time around. He’s hacked into quite a few mainframes and caused quite a lot of damage, underscoring the importance of having a monitoring tool in place, among other security needs. He’s a co-founder of The Pirate Bay and their group has been a part of many of the largest mainframe breaches. These intrusions netted them a huge amount of personal data, sensitive information and money, which usually happens whenever a mainframe is hacked into.


Cybercriminal teen hacked prison mainframe while taking IT course

04 Mar. 2013, John E Dunn – Tech World

While in prison, 21-year old Nicholas Webber hacked into his prison’s mainframe while taking an IT course! This happened at the Her Majesty’s Young Offender’s institution ‘Isis’ in London. Webber isn’t an average inmate; he’s in prison because he stole credit card information for 100,000 cards, which was worth nearly $20 million. He’s a prodigious hacker, which lead everyone to wonder why he was allowed access to a computer in the IT class. This ended up getting the teacher fired. This incident highlights the potential for any mainframe to be hacked through unconventional means. Without proper security, a mainframe is vulnerable to a multitude of attacks.


TRICARE Hit With $4.9 Billion Lawsuit

Damages Sought for Privacy Violations in Breach Incident

14 Oct. 2011, Howard Anderson – HealthcareInfoSecurity

A class action lawsuit is seeking $4.9 billion in damages as a result of alleged privacy violations stemming from a recent health information breach…Unencrypted backup tapes were stolen.


Security pros say that hackers have the upper hand

13 Oct. 2011 – Help Net Security

More than 75 percent of network management and security professionals believe that automated tools give hackers the upper hand in evading the defensive systems utilized by most enterprises.

A vast majority of those IT pros surveyed reported that their employers—for the most part large organizations—cannot maintain necessary layered defenses based on their inability to determine where gaps in those systems exist.


Verizon data breach report 2011: Attackers refining their targets

19 Apr. 2011, Robert Westervelt – SearchSecurity

The value of authentication records, such as usernames and passwords, has risen dramatically. Credentials to gain access to government systems can fetch as much as $30,000 on the black market.

Attackers are stealing user credentials to gain access, Sartin said, hacking into the network and installing malware to compromise the confidentiality and integrity of servers. [Bryan Sartin is director of investigative response at Verizon].


Mainframe Hacking: Fact of Fiction?

11 Jan. 2010, Stan H. King – z/Journal

During the infancy period of the mainframe, hacking a mainframe from the outside would have been impossible as access points were fully secure. This didn’t stop people on the inside from stealing data and money, but outside attacks were very much nonexistent. While mainframe security software and solutions have gotten better since then, connections to the mainframe have grown exponentially as well. This opens up more possibilities for attacks; hackers have succeeded, and will continue to succeed, getting into mainframes. Organizations not taking every precaution and not monitoring their entire mainframe system are vulnerable, whether they think their mainframe can be hacked or not.

Mr. King states, “The threat of hacking mainframes should be taken seriously. While it appears System z systems are protected quite successfully, we can’t rest on our laurels or think we’re invincible.”


Mainframe Breach at LensCrafters Parent Hits 59K

25 Nov. 2008, Richard Adhikari – Internet News

This mainframe attack left over 59,000 employees’ data compromised and in the hands of the suspect in Arizona, USA. The culprit hit “Italy-based Luxottica Group S.p.A. owns the LensCrafters eyewear chain and is the world’s largest designer, manufacturer and distributor of high-end eyewear — including products bearing the Ray-Ban, Dolce & Gabbana, Donna Karan, Polo Ralph Lauren, Prada and Versace brands.”

Details are scant, which is quite normal with any mainframe breach; however, a theory has arisen with the information available, “Chris Petersen, who is now chief technology officer of LogRhythm, which collects and manages server log data, told that it is likely the hacker accessed another server first, then hopped from machine to machine until getting to the mainframe.” Without the proper mainframe protection, a breach like this could happen to any organization.