In July of 2019, Equifax announced they would be paying the largest data breach settlement in history for compromising the personal information of 148 million people in 2017. Hot on the heels of this announcement, Capital One reported a massive data theft of its own, affecting more than 100 million individuals. Although the Capital One assailant was said to have been arrested, the damage had already been done.
Naturally, this may make you think of the security of your personal information, and what is being done to protect it. In the wake of these recent data breach incidents, we will look at some of the world’s biggest data breaches that have affected both consumers and businesses alike.
1. The Yahoo Data Breach – 2013
It wasn’t until 2017 that Yahoo realized, or fully disclosed, the significance of a data breach that originally occurred in 2013. At the time, Yahoo revealed that the names, birthdates, phone numbers, passwords, backup email addresses, and even security questions of approximately 1 billion user accounts were leaked. By 2017, Yahoo divulged that this number was significantly higher, and affected every Yahoo user: about 3 billion individuals.
The hack is said to be the biggest data breach in history and was done by cracking simple and outdated encryption measures used to protect personal information. The data breach (and subsequent announcement) came just as Yahoo was in talks to be acquired by Verizon — and ultimately lowered Yahoo’s value by $350 million.
2. The First American Financial Corporation Data Breach – 2019
This Fortune 500 company (No. 491) took a hit in May 2019 when the real estate title insurance and financial services goliath announced that upwards of 885 million financial records had been leaked. The exposed records included sensitive information related to mortgage deals, Social Security numbers, images of driver’s licenses, tax documents, wire transaction receipts, and bank account numbers and statements.
The flaw stemmed from poor security design in The First American Financial Corporation’s website, by which “all the documents were available to anyone with a browser who had a link to a single document [on] the website… no log-in or password information was needed.”
The company was criticized for not providing sufficient security while collecting massive amounts of sensitive data from hundreds of millions of individuals. Technically, The First American Financial Corporation’s gaffe was not a data breach, but rather a glaring weakness in the design of their website application. Nevertheless, the design was easily hacked, resulting in massive financial loss, damage to the brand, and diminished consumer confidence.
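The weakness described above is a document endpoint that neither authenticates the caller nor checks that the requested document belongs to them. The Python below is an added example, not First American's code: the store, accounts, document ids and function names are hypothetical and the data is constructed. It puts the open design beside a hardened one and adds a regression check a defender can run against either.

```python
import secrets

# Constructed sample store: document id -> (owner account, contents)
DOCUMENTS = {
    "doc-1001": ("alice", "wire transfer receipt (sample)"),
    "doc-1002": ("bob", "tax document (sample)"),
}
SESSIONS = {}  # session token -> authenticated account


class AccessDenied(Exception):
    pass


def login(account):
    """Stand-in for real authentication; issues an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def fetch_open(doc_id, session_token=None):
    """The design the article describes: the link alone is enough, no login."""
    return DOCUMENTS[doc_id][1]


def fetch_checked(doc_id, session_token=None):
    """Hardened: require a valid session, then authorize this document for it."""
    account = SESSIONS.get(session_token)
    if account is None:
        raise AccessDenied("authentication required")
    record = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so replies do not confirm ids.
    if record is None or record[0] != account:
        raise AccessDenied("document not available to this account")
    return record[1]


def exposed_ids(fetch, session_token=None, account=None):
    """Regression check: ids served to a caller who does not own them."""
    served = []
    for doc_id, (owner, _) in DOCUMENTS.items():
        if owner == account:
            continue  # the owner reading their own document is expected
        try:
            fetch(doc_id, session_token)
            served.append(doc_id)
        except AccessDenied:
            pass
    return served
```

An empty list from `exposed_ids` for both the anonymous and the logged-in case is the pass condition; anything else is a document reachable by someone who should not see it.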
3. The Facebook Data Breach – 2019
The social media giant Facebook has experienced data breaches before; however, the 2019 breach takes the cake, affecting 540 million Facebook users. Essentially, two third-party Facebook app developers were to blame, exposing account names, comments, and reactions to posts.
This data was leaked by these third-party companies, as they stored data on a public Amazon cloud computing server, which was then exploited. In addition to account names and users’ reactions to comments on posts, photos, location check-ins, and unprotected passwords were also jeopardized. Facebook has been under federal investigation, and this breach may only add to the heat.
4. The Marriott International Data Breach – 2018
The Marriott International data breach is significant both in the number of individuals affected and in the particular data that was stolen. The names, addresses, credit card information, phone numbers, passport numbers, and travel details were pilfered from 500 million Marriott customers through an exploit in the hotel’s reservation database.
The nature of the data exposed during the Marriott breach is unique in that much of this confidential information can be used to carry out identity theft. Marriott saw a dip in shares and stock performance following their cybersecurity error.
5. The Yahoo! Data Breach – 2014
Back on this list for the second time is Yahoo, which suffered an additional data breach in late 2014. Unrelated to their previous breach, this hack is attributed to Russian cyber thieves (who have been charged by the FBI). Although valuable data was not said to have been obtained, the state-sponsored hackers found names, email addresses, phone numbers, birthdates, passwords, and security questions and answers of 500 million user accounts. The second data breach for Yahoo only fanned the flames of concern over both Yahoo’s and the government’s apparent lack of cybersecurity measures.
6. The Friend Finder Networks Data Breach – 2016
Friend Finder Networks Inc. operates a series of adult websites that saw over 400 million user accounts illegally accessed in 2016. Usernames, email addresses, and passwords were found through a vulnerability in their servers. Even accounts thought to be “deleted” were at risk. This hack is akin to the 2015 data breach experienced by Ashley Madison (the extramarital affairs website), although Friend Finder’s losses were said to be about 10 times worse.
Many of the world’s largest data breaches have been made possible by inadequate cybersecurity measures. While a company may not be able to prevent a data breach completely, it can provide a security solution to minimize the damage done by a wide-scale data breach and insulate the individual users (and their data) from being exposed. Due to the many interactions and online services facilitated by business websites, several layers of security should be deployed. This includes securing the many modes of communication and consumer identification used to make purchases, create accounts, or interact with brands and platforms online.