
The 6 Biggest Data Breaches of This Century

Cyber security and cyber essentials training has become one of the top priorities of many business owners. As a result, they are able to protect their businesses from the digital threats that are out there, including data breaches. Unfortunately, thanks to the fact that sensitive data can be sold for millions of dollars, data breaches are incredibly difficult to prevent. Hackers keep on coming up with more and more sophisticated methods of causing such breaches in order to make a profit.

In this article, you will find a list of the biggest data breaches of this century, ranging from the attack on the network that belonged to Yahoo in 2013 and the data breach at First American Corporation in 2019 to Facebook and Marriott International data leaks. Check it out!

Yahoo

Data breach period: 2013-2014

In 2013, Yahoo announced that hackers had gotten access to its network and stolen personal information from between 500 million and 1 billion users. The data breach occurred in 2014, but it was not revealed until 2016. The hackers used forged cookies to access the accounts of some Yahoo users, including their names, email addresses, dates of birth, telephone numbers, and encrypted passwords. Yahoo paid $50 million for the investigation of the breach, $23 million of which went to a credit monitoring firm.

Sony PlayStation Network

Data breach period: 2011-2014

The Sony PlayStation Network is a video game platform, and its users were among the victims of the biggest hack of this century. It occurred in 2011, but its extent only became clear in 2014. The attackers stole personal information, including names, email addresses, birth dates, phone numbers, login information, passwords, security questions, and home addresses. Surprisingly enough, however, they did not steal credit card info. After the attack, PlayStation Network users were advised to change their passwords. Unfortunately, in 2015, the company was once again hacked and more than 77 million users had to deal with another breach of personal info.

Equifax

Data breach period: 2017-2018

In 2017, Equifax, one of the three largest credit reporting agencies in the US (the other two are Experian and TransUnion), announced that hackers had breached its network and stolen sensitive personal data from more than 145 million Americans. Equifax had been storing consumer information, such as names, addresses, birth dates, Social Security numbers, and driver’s licenses, that it collected from credit card companies and banks. Hackers exploited a vulnerability in Equifax’s software to gain access to the databases where this information was stored. Equifax offered free credit monitoring for all the affected Americans and assured everyone that no payment card data had been stolen. Later on, however, it turned out that this information had also been compromised. Equifax’s CEO had to step down because of this massive data breach. In 2018, the company was fined almost $700 million by the US government for the violation of consumer protection laws.

Facebook

Data breach period: 2018-2019

In late September 2018, Facebook announced that hackers exploited a vulnerability in its ‘View As’ feature to access millions of users’ accounts. This feature allowed users to see how their profiles looked when viewed by other people on Facebook so that they could check if they were sharing too much or using the wrong privacy settings. In addition to accessing millions of Facebook accounts, hackers could also take control over users’ webcams and microphones. The security breach was discovered by Facebook engineers in mid-September while they were trying to fix another security flaw.

According to them, attackers could have accessed 50 million accounts without Facebook’s knowledge for nearly a month between May and July 2018. In October 2018, Facebook announced that hackers could also access private messages sent via Messenger on Android devices as well as more than six million people’s names and contact info (phone numbers and email addresses) that were stored in Facebook’s Messenger app. The same vulnerability that allowed hackers to get access to all these accounts and data also let them steal about 29 million people’s photos. If you want to better protect your account from such a massive data breach, we suggest checking out a guide on how to protect Facebook accounts from getting hacked.

Marriott International

Data breach period: 2014-2019

In October 2018, Marriott International revealed that hackers had stolen the personal information of 500 million guests who stayed at one of its Starwood Hotels (Sheraton Hotels & Resorts Worldwide, Westin Hotels & Resorts, St. Regis Hotels & Resorts, Element Hotels, Aloft Hotels, W Hotels, Le Meridien Hotels & Resorts, The Luxury Collection Hotels, Tribute Portfolio), or participated in one of its SPG loyalty programs between 2014 and September 10th, 2019.

According to Marriott International’s CEO Arne Sorenson, “an unauthorized party acquired [customer] data associated with approximately 500 million guest records globally. This included some combinations of names, mailing addresses, phone numbers, and email addresses. The information also included approximately 25.2 million encrypted payment card numbers and expiration dates as well as about 327 million records containing passport information. There is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the payment card numbers.” In December 2018, it was revealed that Marriott International failed to notify customers about this breach in a timely manner. As a result, Marriott was fined $112 million by New York State. According to New York Attorney General Barbara Underwood, “Marriott failed to live up to its promise [of] timely notifying victims when their personal information was compromised.”

UPS Supply Chain Solutions

Data breach period: 2011-2012

Back in 2012, it was discovered that UPS Supply Chain Solutions Inc., which provides technology solutions for supply chain management and logistics services for small businesses and large enterprises around the world, had suffered a data breach in 2011. The attackers gained unauthorized access to multiple servers of UPS Supply Chain Solutions Inc., probably using an SQL injection attack (i.e., injecting SQL commands into an entry field of a Web-based application). The cybercriminals then installed malware on the company’s servers, through which they were able to steal commercial files containing personal information about UPS consumers. They later sold these files to online spammers, who used them to send spam emails promoting dubious online pharmacies or pharmaceutical products. The latest report suggests that around 7 million people were affected by this massive data breach.

Summary

Cyber crime and hacking only seem to be growing into a bigger problem, with no signs of slowing down soon. That comes as no surprise, seeing that most people rely on the internet these days. Nearly every company uses the internet to store data, files, and personal information, so it shouldn’t surprise you that they are more likely to be attacked. It is estimated that cyber criminals have stolen more than 1 trillion dollars from the economy, which has had a great impact on many companies and businesses. Thankfully, as cyber attacks become more and more common, the technology put in place to keep them out also seems to be advancing every day. Which of these data breaches surprised you the most? Was there a different company that you wanted to see on the list? In any case, we can definitely expect more news like this to come out in the future.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
