It seems that you don’t have to look very far these days to see the impact of security breaches on our lives. We all have anxieties about our information being stolen or passed on to other parties. But while there are so many companies out there with sophisticated security methods, we are still left concerned about the security of our own data in the hands of these large companies. It would be an oversight to think that only smaller companies have limited protection methods just because their finances are limited. In fact, it’s the big companies that we’ve got to keep an eye on.
There have been so many security breaches in the last few years, and here are some of the biggest.
This giant of a company announced in September 2016 that, a couple of years prior, it had been the victim of a data breach. This was the biggest in all of history. Over three billion accounts had been hacked, including the real names, dates of birth, email addresses and telephone numbers of Yahoo! users. In fact, they were subject to breaches in 2013 as well as 2014, where 500 million users were compromised.
The king of online auction sites reported in May 2014 that 145 million users (all of them) had their names, addresses, and dates of birth, as well as encrypted passwords, hacked. As a result, eBay asked its customers to change their passwords, but luckily the financial details were stored separately and weren’t subject to the hack. The biggest retail business hack of all time did result in a decline in user activity. What can we learn from this? Well, if you are a retail business, storing different details on different devices is a common-sense approach. While a lot of us feel we are doing enough to protect our data, it clearly shows that sites like eBay aren’t immune to cyberterrorism. Make the most of your resources; companies like ATB Technologies have a resource library that we can all make use of. The scariest aspect of this hack is that the perpetrators had inside access for 229 days! They did this by using the credentials of 3 employees. If this isn’t a lesson in changing your password regularly, then who knows what is?
Heartland Payment Systems
In March 2008, 134 million credit card details were exposed via SQL injection. It wasn’t discovered until January 2009, when MasterCard and Visa notified the company of questionable transactions through accounts it had processed. The vulnerability many businesses faced with regard to SQL injection was nothing new; in fact, security analysts had been warning retailers for many years prior to the attack. SQL injection was the most commonplace form of attack of the time.
Adult content and casual hookup websites are rich pickings for hackers. The FriendFinder network was subject to a hack in the middle of October 2016, with user details being leaked on cybercrime forums. It transpired that the password protection algorithm was a weak one, with the SHA-1 hashing algorithm accounting for 99% of the hacked passwords. Overall, 412 million accounts were hacked.
Confined to the past now, MySpace was the giant of social media over a decade ago. This hack was partly the result of users finding out that they could embed their own content on their page; instead of fixing the problem, the administrators of MySpace allowed it to happen. Overall, 316 million accounts were compromised. Email addresses, as well as usernames and poor passwords, highlighted that the breach was typical of the mid-2000s, not least because of the references to Blink 182. Those were the days, eh?
Consumer credit reporting agency Equifax reported in September 2017 that a security breach took place from May until July! In total, 145 million users were affected by the security breach. While it’s not the largest of data breaches, the sensitive nature of the information, including birth dates, social security numbers, and even driver’s license numbers, could have resulted in many perpetrators committing fraud by posing as those users to set up agreements like mortgages, loans, or credit cards.
American retail giant Target had 110 million records hacked. This occurred during the post-Thanksgiving shopping surge. In 2013, hackers had infected the payment card readers, resulting in them escaping with 40 million credit and debit card numbers. In addition to this, contact information had been compromised, with over 70 million customers’ names, addresses and telephone numbers stolen.
National Archive And Records Administration
It’s important to remember that not all data breaches are the result of criminals. In 2008, a hard drive at the NARA, containing the private information of 76 million American military veterans, was sent off for repair after it stopped working. Rather than the drive being destroyed on site, a government contractor sent it out to be scrapped. However, it was unclear whether the drive was destroyed or not. After an investigation, the NARA changed its policies relating to the destruction of storage devices containing sensitive information. While it’s argued that a data breach did not occur, the fact that the company changed its policies speaks volumes.
An infection of the point-of-sale systems at this hardware supply store in April or May of 2014 resulted in customer credit and debit cards being stolen. The malware in question pretended to be an antivirus package. This was the largest theft of payment cards resulting from a direct attack on a company. Luckily, though, this didn’t deter customers.
This healthcare company admitted that in February 2015, 80 million records were stolen by hackers. The attack was the result of phishing emails that were sent to five employees. As is typical of phishing scams, these employees downloaded Trojan software, resulting in the attackers obtaining passwords. This company is a parent of healthcare providers like Blue Shield, and the stolen medical records, numbering in the millions, were thought to be worth 10 times the value of the credit card information.
In October 2016, the details of 57 million drivers were hacked via Uber engineers’ credentials from a GitHub account. Uber didn’t reveal this information until November 2017. Instead, the company tried to keep it under wraps and paid the hackers $100,000 to stop them releasing the data. This doesn’t seem to have dented the business’s dominance over the taxi market.
In one of the more famous hacks of recent years, the staff at Sony Pictures Entertainment had their computer screens hijacked by a grinning skull. This was the work of a group called Guardians of Peace, which threatened to release company information if certain demands were not met. Unpublished scripts, internal passwords, as well as emails and passports belonging to actors and internal workers, showed up on file sharing sites. In addition to this, four unreleased Sony movies were released, including the Seth Rogen vehicle The Interview (51% on Rotten Tomatoes!). In total, over $100 million of monetary damages were estimated as a result of this hack.
It’s not always the most straightforward of businesses that get hacked. This pizza chain revealed that its website and app were hacked in October 2017, resulting in personal information being compromised. It’s unclear how many customers were affected, but roughly 60,000 US customers have been reported as having had their billing information, including email addresses and delivery addresses, stolen.
This British health insurance provider suffered a data breach in July 2017, not as a direct result of an external cyber criminal, but of an employee. This Bupa worker copied and removed sensitive information, but no medical information was released. However, names, dates of birth, and some minimal contact information were removed. In total, 500,000 customers were affected.
This payday loan company had the extremely sensitive information of 245,000 customers, including bank account numbers, stolen. The company has not divulged where this took place, but this was the result of the company not realizing that data could be accessed externally until April 2017.
Nationwide Building Society
It seems that not even your money is safe. An unencrypted laptop was stolen from an employee of this UK building society, compromising the personal information of 11 million customers! The Financial Services Authority fined Nationwide Building Society £980,000, which was the record data loss penalty at the time, but it’s nice to know that your money is being well looked after, isn’t it?
This is a concern for every person in the world, from business owners to customers. While there’s only so much we can do to take the law into our own hands, this reinforces the notion that we’ve got to be on top of our form data, from passwords to email addresses. It’s important to get clued up on what you can do to protect your data but, unfortunately, we need to trust those that are handling sensitive data. With that in mind, it’s best to withhold as much personal information as you can when filling out forms online. These are the biggest breaches of all time, and they’re a sign of the modern world.