Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Largest Data Breaches in Recent Years


We all know that the number of successful cyberattacks on business networks has increased over the years. Cybercriminals usually hack into a Web site or infiltrate a network using a social engineering attack, such as spear phishing, to breach the security and steal the data. Sometimes the data is not breached; it is leaked accidentally by an employee or vendor. This is known as a data leak. While there is a difference between a data breach and a data leak, in both cases the information is compromised, so the damage can be severe.

When discussing data leaks, it’s hard to ignore the data leak of nearly every American voter in June this year. The Washington Post reported on June 19, 2017 that “Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy that works for the Republican National Committee and other GOP clients.” The data was compiled by a company called Deep Root Analytics. “They’re using this information to create political dossiers on individuals that are now available for anyone,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “These political data firms might as well be working for the Russians.” (The Washington Post, 2017).

As an American voter, obviously I was concerned about this data leak. After reading this Washington Post story, my first reaction was “Wow! That’s the entire U.S. electorate.” These are major security incidents affecting millions of ordinary citizens. Whether they are data leaks or data breaches, the people end up paying the price. Do you care whether a hacker stole your personal information from your bank by hacking into the bank’s Web site (data breach) and withdrew money from your checking account, or your personal information was inadvertently posted on the Web site by a bank employee (data leak) and a cybercriminal decided to empty your savings account? I don’t think so. You are out of money whether it was a data breach or a data leak.

I did an Internet search and found “The 15 biggest data breaches of the 21st century.” Like me, you probably remember most of them. It’s nice to have a comparison of these breaches to get a better idea of their enormity. You can check out the complete list posted by Taylor Armerding yourself, but some of the big organizations among the largest data breaches are listed below. The data leak of American voters was not on that list, so I have added it here.

  1. Yahoo (2013-14) PII of 1.5 billion users compromised
    It cost Yahoo $350 billion and the company, which was valued at $100 billion at one time, changed its name to Altaba, Inc.
  2. eBay (May 2014) 145 million users affected
    According to CSOonline.com “The company said hackers got into the company network using the credentials of three corporate employees, and had complete inside access for 229 days, during which time they were able to make their way to the user database.”
  3. Heartland Payment Systems (March 2008) 134 million credit cards exposed through SQL injection
    The company had to pay out about $145 million to its customers to compensate for fraudulent payments, and because Heartland was deemed out of compliance with the Payment Card Industry Data Security Standard (PCI DSS), it was forced to stop payment processing of credit cards until May 2009.
  4. Deep Root Analytics (June 2017) Database of 198 million American voters left unprotected by the consulting company
    According to The Washington Post, “Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy.” The company called Deep Root Analytics was responsible for leaving this data unprotected. A cybersecurity researcher luckily discovered this data leak and reported it to law enforcement officials.
  5. Target Stores (December 2013) Credit/debit card information and/or contact information of up to 110 million people compromised
    The breach cost Target $162 billion. Hackers gained access to Target’s point-of-sale (POS) payment card readers through a third-party HVAC vendor. They stole about 40 million credit and debit card numbers. Target’s CIO and CEO resigned a few months later.
  6. JP Morgan Chase (July 2014) 76 million households and 7 million small businesses affected
    More than 50% of American households were affected when the largest bank in the country was hacked. JP Morgan spends $250 million on security each year, so they do take security seriously.

As you can see, 3 of the top 6 hacks took place in 2014, but that doesn’t mean that in recent years we are experiencing fewer cyberattacks. It just means that we haven’t experienced many large attacks affecting 100+ million users as of late. As businesses start to train their employees and implement security awareness programs, hopefully they can do a better job of preventing these large cyberattacks that affect millions of innocent users.

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2017 SeattlePro Enterprises, LLC. All rights reserved.
