Security Breach Horror Stories

Data breaches used to be big news, but lately they come at such a regular and rapid pace that it is hard to tell one from another.  Here’s a look at the top Security Breach Horror Stories:

Sony (2011) – 77,000,000 records.  Sony’s network was compromised and 77 million records containing personally identifiable information were stolen – all in unencrypted format.

Zappos (2012) – 24,000,000 records.  Known for their excellent customer service, Zappos was reported to have disconnected their phones after reporting the loss of 24 million records including names and addresses.

Target (2013) – 70,000,000 records. Malware installed on POS systems allowed hackers to steal card numbers, expiration dates and CVV codes.  The brand was notified of the attack by American secret services because of abnormal bank activities. In the end, it was discovered that the hackers first breached a small HVAC contractor who was a vendor of Target, then moved into Target’s systems via the vendor’s ERP connection to Target.

Yahoo (2014) – 500,000,000 accounts.   Data stolen included names, email addresses, telephone numbers and dates of birth. But, according to Yahoo, no financial data was stolen.  The breach wasn’t reported by Yahoo until 2016!

Home Depot (2014) – 56,000,000 records.  Much like the Target attack, hackers installed malware on the self-checkout registers and made off with 56 million records containing credit card data.

U.S. Office of Personnel Management (2015) – 21,500,000 records.  Hackers broke into the OPM system and stole the personnel records, including fingerprint data, of 21.5 million people who had undergone background checks or applied for federal employment.

Anthem (2015) – 78,800,000 records.  In a targeted attack, hackers were able to penetrate Anthem’s network, break into a database and grab personal data for almost 80,000,000 people.

IRS (2015) – $50,000,000.  Hackers used information from previous attacks to request copies of past tax returns, then used the information to file updated tax returns, triggering large refunds.  Over 300,000 taxpayers were affected.

Ashley Madison (2015) – 37,000,000 records.  One of the most embarrassing data breaches, given that Ashley Madison catered to individuals seeking an illicit affair.  As fate would have it, a data analyst looked closely at the data and discovered the majority of the ‘women’ on the site were actually chat-bots created by Ashley Madison designed to trick men into spending money.

Democratic National Committee (2016) – 19,000 emails.  Sensitive emails and attachments belonging to top staffers at the DNC were stolen, exposing strategy and donor information, as well as a clear anti-Bernie Sanders bias.

MySpace (2016) – 360,000,000 accounts.  Honestly, I didn’t even know MySpace still existed!  The data stolen from the website included email addresses and passwords.

Equifax (2017) – 143,000,000 records. Hackers took advantage of a recently reported vulnerability in open-source software the company was using.  Even though there was a fix issued, Equifax had not yet applied the patch.

Deloitte (2017) – Email from 350 clients.  Deloitte, which has a significant cyber security practice, had its email breached, exposing data for 350 clients.

These are just the big ones that make national news.  Check out the Healthcare IT News article “Biggest Healthcare Data Breaches of 2018 (so far)” if you want an eye-opening read.

Regardless of industry or business size, every business is at risk of a data or security breach. That’s tough to hear, but it’s true. If your company hasn’t experienced a security breach yet, consider yourself lucky. But that doesn’t mean one couldn’t possibly be waiting around the corner. When it comes to customer information and data privacy, a security breach of any size is too large and too damaging. So, put in the work now to build a cybersecurity strategy that protects your organization, your employees and your customers for the long term.

Two things to consider:

First, while the breaches I detailed above are mostly associated with larger/national/international companies, it is SMBs that face the greatest risk related to security.  See my post Why SMBs are the Perfect Target for Hackers.

Second, with current data breach notification standards and the recently introduced Act To Strengthen Identity Theft Protections, it is no longer acceptable for SMBs to claim ignorance when it comes to cybersecurity.  As a group, SMBs hold more data but have fewer standards around security, making them easy targets.

More questions about data privacy and security?

Join us in May for a deeper dive into the world of cybersecurity. We’ll have the answers you need to limit your risk and vulnerabilities. The webinar will be hosted by Stuart Powell, who will explore data breaches and the protective measures you can put in place should a breach happen. With cyber coverage, your business can have an added layer of protection, should a data breach or cyber attack come for you.
