Data breaches have become a daily occurrence. In this post we detail the biggest data breaches of the 21st century, focusing on how big the risk or damage was to the organization, insurers and users rather than on how many records were compromised.
What is a data breach?
A data breach occurs when someone gains unauthorized access to an organization's database, which allows attackers to obtain critical information such as passwords, credit card numbers, social security numbers, banking details, etc.
What are the causes of data breaches?
Research indicates that three main reasons exist for data breaches, with malicious attacks making the top of the list followed (too) closely by human error and lastly, system faults. In this context, malicious attacks include cyber attacks, phishing attempts, malware, ransomware, and so forth.
1. Yahoo (2013-2014)
Impact: 3 billion user accounts
While in sales negotiations for its core internet business with Verizon, Yahoo announced that it had been the victim of a massive data breach. Its investigation brought to light that during the breach “certain user account information was stolen from the company’s network … by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” These breaches caused Yahoo to knock $350 million off their sales price to Verizon. And, as a result of the reputational damage, Verizon subsequently changed its name to Altaba Inc.
2. eBay (2014)
Impact: 145 million users
After being criticized for its lack of communication and “poor implementation of the password-renewal process”, the auction giant finally acknowledged the data breach in May 2014. eBay confirmed that all 145 million of its users’ names, addresses, dates of birth and encrypted passwords were exposed when hackers gained access to the company network. What makes this incident unique is that the hacking had hardly any effect on the bottom line. According to eBay's CEO, they only saw “a decline in user activity”.
3. Equifax (2017)
Impact: Personal information of 143 million consumers and credit card data of 209,000 consumers
Equifax is one of the biggest credit bureaus in the United States and, during September 2017, admitted that an application vulnerability on one of its websites resulted in a data breach. The data breach exposed the social security numbers, birth dates, addresses, and in some cases drivers’ license numbers of 143 million consumers.
4. Target Stores (2013)
Impact: 110 million customers
Retailer Target announced a data breach in December 2013 and confirmed that the credit and debit card numbers as well as the full names, addresses, email addresses and telephone numbers of approximately 40 million customers were compromised when hackers gained access via a third-party HVAC vendor to Target’s point-of-sale payment card readers. Both the CIO and CEO of Target resigned and the company estimated the cost of the breach at $162 million.
5. Uber (2016)
Impact: The personal information of 57 million Uber users and 600,000 drivers
Uber became aware that hackers obtained the names, email addresses, and mobile phone numbers of 57 million users of the Uber app and the driver license numbers of 600,000 Uber drivers. This is, however, not the worst part of the Uber breach – Uber waited for almost a year before publicly acknowledging the breach and they paid hackers $100,000 to destroy the data in such a way that no verification was possible. At the time, Uber claimed it was a “bug bounty fee” but soon after Uber fired its CSO. The cost of the data breach for Uber was not only in monetary terms (its value dropped from $68 billion to $48 billion) but also in reputation.