Cyber security and cyber essentials training has become one of the top priorities of many business owners. As a result, they are able to protect their businesses from the digital threats that are out there, including data breaches. Unfortunately, thanks to the fact that sensitive data can be sold for millions of dollars, data breaches are incredibly difficult to prevent. Hackers keep on coming up with more and more sophisticated methods of causing such breaches in order to make a profit.
In this article, you will find a list of the biggest data breaches of this century, ranging from the attack on the network that belonged to Yahoo in 2013 and the data breach at First American Corporation in 2019 to Facebook and Marriott International data leaks. Check it out!
Data breach period: 2013-2014
In 2013, Yahoo announced that hackers had gotten access to its network and stolen personal information from between 500 million and 1 billion users. The data breach occurred in 2014, but it was not revealed until 2016. The hackers used forged cookies to access the accounts of some Yahoo users, including their names, email addresses, dates of birth, telephone numbers, and encrypted passwords. Yahoo paid $50 million for the investigation of the breach, $23 million of which went to a credit monitoring firm.
Sony PlayStation Network
Data breach period: 2011-2014
The Sony PlayStation Network is a video game platform, and its users were among the victims of the biggest hack of this century. It occurred in 2011, but its extent only became clear in 2014. The attackers stole personal information, including names, email addresses, birth dates, phone numbers, login information, passwords, security questions, and home addresses. Surprisingly enough, however, they did not steal credit card info. After the attack, PlayStation Network users were advised to change their passwords. Unfortunately, in 2015, the company was once again hacked and more than 77 million users had to deal with another breach of personal info.
Data breach period: 2017-2018
In 2017, Equifax, one of the three largest credit reporting agencies in the US (the other two are Experian and TransUnion), announced that hackers had breached its network and stolen sensitive personal data from more than 145 million Americans. Equifax had been storing consumer information such as names, addresses, birth dates, Social Security numbers, and driver’s licenses, that Equifax collected from credit card companies and banks. Hackers exploited a vulnerability in Equifax’s software to gain access to the databases where this information was stored. Equifax offered free credit monitoring for all the affected Americans and assured everyone that no payment card data had been stolen. Later on, however, it turned out that this information had also been compromised. Equifax’s CEO had to step down because of this massive data breach. In 2018, the company was fined almost $700 million by the US government for the violation of consumer protection laws.
Data breach period: 2018-2019
In late September 2018, Facebook announced that hackers exploited a vulnerability in its ‘View As’ feature to access millions of users’ accounts. This feature allowed users to see how their profiles looked when viewed by other people on Facebook so that they could check if they were sharing too much or using the wrong privacy settings. In addition to accessing millions of Facebook accounts, hackers could also take control over users’ webcams and microphones. The security breach was discovered by Facebook engineers in mid-September while they were trying to fix another security flaw.
According to them, attackers could have accessed 50 million accounts without Facebook’s knowledge for nearly a month between May and July 2018. In October 2018, Facebook announced that hackers could also access private messages sent by Messenger on Android devices as well as more than six million people’s names and contact info (phone numbers and email addresses) that were stored in Facebook’s Messenger app. The same vulnerability that allowed hackers to get access to all these accounts and data also let them steal about 29 million people’s photos. If you want to better protect your account from becoming the next victim of such a massive data breach, we suggest checking out this guide on how to protect Facebook accounts from getting hacked here.
Data breach period: 2014-2019
In October 2018, Marriott International revealed that hackers had stolen the personal information of 500 million guests who stayed at one of its Starwood Hotels (Sheraton Hotels & Resorts Worldwide, Westin Hotels & Resorts, St. Regis Hotels & Resorts, Element Hotels, Aloft Hotels, W Hotels, Le Meridien Hotels & Resorts, The Luxury Collection Hotels, Tribute Portfolio), or participated in one of its SPG loyalty programs between 2014 and September 10th, 2019.
According to Marriott International’s CEO Arne Sorenson, “an unauthorized party acquired [customer] data associated with approximately 500 million guest records globally. This included some combinations of names, mailing addresses, phone numbers, and email addresses. The information also included approximately 25.2 million encrypted payment card numbers and expiration dates as well as, about 327 million records containing passport information. There is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the payment card numbers.” In December 2018 it was revealed that Marriott International failed to notify customers about this breach in a timely manner. As a result, Marriott was fined $112 million by New York State. According to New York Attorney General Barbara Underwood “Marriott failed to live up to its promise [of] timely notifying victims when their personal information was compromised.”
UPS Supply Chain Solutions
Data breach period: 2011-2012
Back in 2012, it was discovered that UPS Supply Chain Solutions Inc., which provides technology solutions for supply chain management and logistics services for small businesses and large enterprises around the world, had suffered a data breach back in 2011. The attackers gained unauthorized access to multiple servers of UPS Supply Chain Solutions Inc., probably using an SQL injection attack (i.e., injecting SQL commands into an entry field of a Web-based application). The cybercriminals then installed malware on the company’s servers through which they were able to steal commercial files containing personal information about UPS consumers. They later sold them to online spammers who used them for sending spam emails promoting dubious online pharmacies or pharmaceutical products. The latest report suggests that around 7 million people were affected by this massive data breach.
Cyber criminals and cyber hacking only seem to be growing into a bigger problem, with no signs of slowing down soon. It comes as no surprise, seeing that most people rely on the internet these days. Nearly every company uses the internet to store data, files, and personal information, so it shouldn’t surprise you that they are more likely to be attacked. It is estimated the cyber criminals have stolen more than 1 trillion dollars from the economy and it has had great impacts on many companies and businesses. Thankfully, as cyber attacks only seem to be becoming more and more common, the technology put in place to keep them out also seems to be advancing more and more every day. Which of these data breaches surprised you the most? Was there a different company on the list that you wanted to see? In any case, we can definitely expect more news like this to come out in the future.