X

The 16 Biggest Data Breaches Of The 21st Century

Data breach is defined as an incident of unauthorized access or theft or unauthorized disclosure of protected/ sensitive/ classified data such as financial/ banking information, personal details, classified data, government secrets, intellectual property, contact information, etc.

The 21st century has seen several such data breaches that happen on an everyday basis. To avert such cybersecurity crises and develop comprehensive strategies, there are cybersecurity courses in India offered by top-notch institutions and taught by industry and academic experts.

The 16 biggest data breaches of the 21st century, not only in terms of the number of records compromised but in terms of the intensity of damage and depth of risk, are discussed below.

Yahoo: One billion Yahoo users’ names, email addresses, phone numbers and date of births were comprised in two of the biggest data breach of the century in 2013 and 2014. The passwords, security questions and answers of these accounts were hacked using a robust bcrypt algorithm. The erstwhile Internet giant’s valuation took a nosedive.

Friend Finder Network: Hackers breached into 20 years of personal details and passwords of over 412 million users from 6 databases on this adult network in 2016 owing to the weak hashing algorithm that protected passwords.

e-Bay: A data breach of 145 million users of the cyber auction website in 2014 exposed personal details and encrypted passwords through insider access obtained by hackers of three of the company’s employees for nearly 8 months. Though financial data was secure, this breach did reduce user activity.

Equifax: Owing to application vulnerability on one of their websites in 2017, data relating to social security numbers, addresses, date of birth, driving license numbers and other such personal information of nearly 148 million customers of one of USA’s largest credit bureaus was exposed. Around 209,000 consumers’ credit card details were also exposed through this breach.

Heartland Payment Systems: A data breach into credit and debit card details of 134 million users (retailers) in 2008 through spyware installed by SQL injection led to fraudulent transactions made through the stolen card details for over a year before it was caught. Heartland was disallowed from processing payments for major credit card companies thereafter and the company paid $145 million in compensation.

Target Stores: The Point-of-Sale (POS) machines of this large US retailer were infected by hackers who stole credit/ debit card details and/or personal information of 110 million customers in a matter of weeks and costing the company $162 million.

TJX Companies Inc.: The nature of the breach has two conflicting theories: one that the weak data-encryption system was hacked and the other that the job application kiosk at the store was hacked into. The breach exposed credit/ debit cards details of 94 million customers.

JP Morgan Chase: Though money was not stolen through the data breach in 2014, personal and confidential information of 76 million households and 7 million small businesses were compromised, and accounts were used for money laundering, identity theft and wire fraud.

US Office of Personnel Management: Detailed security clearance data and fingerprints of 22 million current and former federal employees of the US was exfiltrated by hackers from 2012-14.

Sony PlayStation Network: In the worst gaming community breach, login credentials, personal details, purchase history, PSN/ Qriocity logins, credit card numbers of 102 million users were compromised in 2011.

Anthem: Nearly 80 million current and former customers’ personal information including social security numbers and employment history of the second-largest US health insurer were breached into and used for identity theft in 2015.

Stuxnet: This cyber-attack by the malicious Stuxnet worm that targeted Siemens SCADA systems has physical manifestations in that it destroyed Iran Nuclear program’s 984 uranium enrichment centrifuges in 2010.

Home Depot: Credit/ debit card details of 56 million customers were infringed upon in 2014. The malware in the POS system was disguised as anti-virus software.

Adobe: In 2013, Adobe revealed that 38 million users’ personal information, password and credit/debit card information were exposed through the hack and cost the company over $1 million in compensation for the breaches.

Uber: The breach that exposed the personal information of 57 million Uber users and 600,000 drivers in 2016 caused severe damage to the company’s coffers and reputation owing to the way the aftermath was handled.

Verisign: This cyber-attack of 2010 was not disclosed for a whole year and even when revealed the nature of the attack and information exposed was not disclosed.

These data breaches have left the users of digital services and the Internet vulnerable and have cost millions to the companies. By equipping yourself with knowledge, practices and skills to draft and execute comprehensive cybersecurity strategy, you will be an asset to your organization and several others. To do so, you should enrol yourself in one of the best cybersecurity courses in India and give yourself a competitive edge.

Sakshi :