The Largest Data Breach of This Century Affected A Shocking Number of People
Living in the internet age is glorious. However, with all of our information floating around, it’s easier than ever to get taken advantage of. We trust major companies with our personal details including our legal names, home addresses, telephone numbers, email addresses, and at times our social security numbers or credit card information. While most companies have substantial security measures in place to combat cyber attacks, that hasn’t always stopped data breaches. Luckily, passwords usually encrypt your information which prevents it from being visible to everyone.
In the 21st century, we’ve seen massive data breaches where a shocking number of people have had their information leaked. Usually, this causes an enormous headache not just for consumers and users but also for the companies that have to deal with the fallout. The largest data breach of this century was jaw-dropping.
15. US Office of Personnel Management (OPM)
- Breach impact: Personal information of 22 million current and former federal employees
Back in 2012, Chinese hackers exfiltrated personal data from the US Office of Personnel Management (OPM)’s systems; this included detailed security clearance information and fingerprint data. The breach was not discovered until 2014, and by then the damage was already done. It was a significant breach not just of personal information but of national security as a whole.
Former FBI director James Comey spoke about the information leak saying, “My SF-86 lists every place I’ve ever lived since I was 18, every foreign travel I’ve ever taken, all of my family, their addresses. So it’s not just my identity that’s affected. I’ve got siblings. I’ve got five kids. All of that is in there.”
Next: A security company that got their employees’ data breached.
14. RSA Security
- Breach impact: 40 million employee records
When you’re a security company, it’s pretty horrible to watch 40 million of your employees’ records get breached, but that’s what happened to RSA Security in March 2011. Two separate hacker groups worked in collaboration with a foreign government to attack RSA employees. They posed as folks the employees trusted to get into the company’s network.
RSA had to spend $66 million to clean up the catastrophe. Jennifer Bayuk, an independent information security consultant and professor at Stevens Institute of Technology, told SearchSecurity in 2012 that the breach was “a huge blow to the security product industry because RSA was such an icon. They’re the quintessential security vendor. For them to be a point of vulnerability was a real shocker. I don’t think anyone’s gotten over that.” Yikes.
Next: A worm set up to attack Iran’s nuclear system.
13. Stuxnet
- Breach impact: Helped disrupt power grids, water supplies, and public transportation systems across the globe.
It’s certainly scary to have your personal information stolen, but it’s also pretty terrifying when a malware attack can literally shut down systems around the globe. In 2005, Stuxnet, which is a malicious worm, was put in place to attack Iran’s nuclear power program. However, we all know that type of power can be catastrophic, and it was. Nothing much happened in the United States from Stuxnet (after all, the rumor is that this was a joint effort by the US and Israel, though it was never confirmed).
However, the fallout in Iran was terrible. Stuxnet ultimately attacked Iran’s nuclear program by destroying an estimated 984 uranium enrichment centrifuges by 2010.
Next: A home improvement store that had to repay $19.5 million to its customers.
12. Home Depot
- Breach impact: Credit/debit card information of 56 million customers was stolen
There is perhaps no other place (besides Lowe’s) that Americans turn to when they want to fix things around their home. Home Depot is trusted for all of your hardware and building supplies. Unfortunately, in Sept. 2014, the company announced that, beginning in April or May of that same year, their point-of-sale (POS) system had been compromised. Essentially, that means their checkout machines were hacked. Home Depot had installed what they believed to be an anti-virus on their POS system, but instead, it turned out to be “unique, custom-built” malware.
The fallout was pretty massive. In 2016, Home Depot had to pay at least $19.5 million to repay US consumers. They also had to put $6.5 million towards cardholder identity protection services for a year and a half. The settlement covered 40 million people who had payment card data stolen, and more than 52 million people who had email addresses stolen. Some of those folks had both of those things taken.
Next: A ride-sharing app that tried to cover up a cyber attack.
11. Uber
- Breach impact: 57 million Uber users and 600,000 drivers had their personal information exposed
In late 2016, two hackers released the names, email addresses, and mobile phone numbers of 57 million users of the Uber app. They also got the driver license numbers of 600,000 Uber drivers. Luckily, no credit card or Social Security information was stolen during the hack.
Unfortunately, the worst part about this data breach was the way that Uber handled it. Uber did not let the public know about the breach until a year after it happened. They paid the hackers $100,000 to destroy the data, even though they never got any proof that it actually was destroyed. The company threw their CSO under the bus, firing him and blaming him for the breach. The attack cost Uber money and their reputation. The value of the company dropped from $68 billion to $48 billion.
Next: The worst gaming community data breach of all-time.
10. Sony’s PlayStation Network
- Breach impact: 77 million PlayStation Network accounts hacked
The worst gaming community data breach of all time occurred on April 20, 2011, when hackers gained access to Sony’s PlayStation Network, hacking over 77 million accounts. The hackers gained access to full names, passwords, e-mails, home addresses, purchase history, credit card numbers, and PSN/Qriocity logins and passwords.
The site had to be closed down for a month for Sony to determine the damage and fix it, which caused the company to lose upwards of $171 million in revenue. In 2014, Sony agreed to a preliminary $15 million settlement in a class action lawsuit over the breach.
Next: The second-largest health insurer in the States had a ton of their data leaked.
9. Anthem
- Breach impact: 78.8 million current and former customers
The healthcare system can already be a headache and a half, which is why 78.8 million current and former customers of Anthem, which happens to be the second-largest health insurer in the U.S., were horrified to have all of their private files leaked. Back in Feb. 2015, a cyber attack exposed the names, addresses, Social Security numbers, dates of birth, and employment histories of millions of folks.
Fortune reported that a foreign government likely hired hackers to breach the company, which has since cost Anthem $100 million. In 2016, Anthem said that no data had been shared fraudulently and that no credit or debit card information had been stolen.
Next: The biggest bank in the nation was hacked.
8. JP Morgan Chase
- Breach impact: 76 million households and 7 million small businesses
JP Morgan Chase, the largest bank in the nation, was hacked in July 2014, and the results were anything but pretty. 76 million households, which is more than half of all households in the U.S., plus 7 million small businesses had their data breached. That included names, addresses, phone numbers, and email addresses. It also included internal information about the users.
Luckily, no money was stolen, and no account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised. In November 2015, federal authorities indicted four men, charging them with the JP Morgan hack plus hacks of other financial institutions. JP Morgan spends $250 million on security every year, but after this attack, we’re sure they beefed it up even more.
Next: A breach at this company exposed 94 million credit cards.
7. TJX Companies, Inc.
- Breach impact: 94 million credit cards exposed
We adore TJ Maxx, Home Goods, and Marshalls for all of their delightful and affordable items. However, fans of TJX Companies got quite the shock in Dec. 2006 when 94 million people had their credit cards exposed. Albert Gonzalez, a hacking legend, either took advantage of the company’s poor data encryption system and stole credit card data during a wireless transfer between two Marshalls stores in Miami, or he and his minions broke into in-store kiosks.
Gonzalez was sentenced to 20 years in prison, and 11 others were arrested. The TJX breach cost companies, banks, and insurers close to $200 million.
Next: This cyber attack at this retail giant cost the CIO and CEO their jobs.
6. Target
- Breach impact: Credit/debit card and contact information of 110 million people compromised
Just before Thanksgiving in 2013, hackers gained access to Target’s point-of-sale (POS) payment card readers, but the breach was not actually discovered until December. The information that was compromised included full names, addresses, email addresses, and telephone numbers.
The cyber attack cost Target a whopping $162 million, and by March of 2014, the company’s CIO resigned. Target’s CEO followed in May. Luckily Target made significant security improvements as a result. The thought of not having our beloved Target in our lives is unbearable.
Next: This payment systems company was banned from processing payments after they were hacked.
5. Heartland Payment Systems
- Breach impact: 134 million credit cards exposed
In March 2008, Albert Gonzalez and two unnamed Russian accomplices injected spyware into Heartland’s data systems. At the time, Heartland was responsible for processing 100 million payment card transactions per month for 175,000 merchants. The breach was not discovered until Jan. 2009, when Visa and MasterCard notified Heartland that something was up.
When things were looked into further, Heartland was deemed out of compliance with the Payment Card Industry Data Security Standard (PCI DSS) and was not allowed to process the payments of major credit card providers until May 2009. The company also had to pay out $145 million for compensation.
Next: 143 million people got their data exposed after this breach.
4. Equifax
- Breach impact: Personal information of 143 million people exposed; 209,000 consumers also had their credit card data exposed.
On July 29, 2017, an application vulnerability on Equifax’s website exposed the personal details of over 143 million people. Equifax is one of the largest credit bureaus in the U.S. The breach was discovered in July 2017, but it had probably gone on since May.
In a statement, Equifax said, “Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
Next: This auction giant exposed ALL of their users’ cyber info when they were attacked.
3. eBay
- Breach impact: 145 million users compromised
In May 2014, a cyber attack against eBay exposed names, addresses, dates of birth, and encrypted passwords of all of its 145 million users. Anyone who had ever used the auction giant was compromised. Hackers gained access using the credentials of three corporate employees for 229 days.
Luckily, no credit card information was stolen. CEO John Donahoe said the breach resulted in a decline in user activity. eBay urged their customers to change their passwords.
Next: This attack was both scary and humiliating.
2. Adult Friend Finder
- Breach impact: Over 412.2 million accounts
Adult Friend Finder is a part of The FriendFinder Network, which includes casual hookup and adult content websites. In Oct. 2016, 20 years of data across the network was breached. It included names, email addresses, and passwords of over 400 million users. The FriendFinder Network only protected passwords using a very weak algorithm, which was easily hacked.
AFF Vice President Diana Ballou issued a statement saying, “We did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.” However, it was still embarrassing for those who got their information leaked. LeakedSource.com published the entire set of data on Nov. 14, 2016.
Next: The largest data breach of all time.
1. Yahoo!
- Breach impact: 3 billion user accounts
The largest data breach of the 21st century affected 3 billion user accounts on Yahoo! In 2016, while trying to negotiate a sale to Verizon, Yahoo! had to announce that back in 2014, they’d been the victim of the most significant data breach in history. The hack affected the real names, email addresses, dates of birth, and telephone numbers of 500 million users. By announcing this hack, Yahoo! tried to bury the fact that in 2013, they had been breached by a different group of hackers who compromised 1 billion accounts.
In 2017, Yahoo! revised their original statements, saying that it was actually 3 billion user accounts that were compromised. This happened from 2013 to 2014. With news of this massive breach in the public, Yahoo! had to slash their sale price by $350 million. Verizon eventually did buy Yahoo! for $4.48 billion, but that was not what Yahoo! was hoping for. At one point, the company, which was founded in 1994, was worth upwards of $100 billion; the breach was quite a loss.