The Biggest Data Breaches by Region & Sector

Data security is one of the largest concerns facing the world today. As we store more data on computers and smartphones and rely heavily on them, that data is exposed to a number of potential threats. Data can be lost due to system failure, corrupted by a computer virus, or deleted or altered by a hacker. The increasing sophistication of cyber-attacks, coupled with the overall lack of cybersecurity, has led to the greatest data breaches and the loss of data records on a global scale.

Some facts on data breaches:

  • Over 14,717,618,286 records have been lost or stolen since 2013 due to data breaches.
  • 3,353,178,708 records were compromised in the first half of 2018.
  • In 2017, 86% of all breaches worldwide occurred in North America.
  • One year later, 45.9% of data breaches in the US were in the business sector.

Cybercriminals exposed 2.8 billion consumer data records in 2018, costing U.S. organizations more than US$654 billion. In Q1 2019, cyberattacks on US financial services organizations alone cost the industry US$6.2 billion, up from just US$8 million in Q1 2018.

Reason for data breach

  • Weak and Stolen Credentials, a.k.a. Passwords – A weak or lost password is the vulnerability exploited by the opportunist hacker. Stats show that 4 in 5 breaches classified as a “hack” in 2012 were in part caused by weak or lost (stolen) passwords.
  • Back Doors, Application Vulnerabilities – Flaws in software applications that are poorly written, or in network systems that are poorly designed or implemented, leave holes through which hackers get easy access to your data.
  • Malware – Malware is, by definition, malicious software: software loaded without intention that opens up access for a hacker to exploit a system and potentially other connected systems.
  • Social Engineering – A technique in which hackers persuade others who have a more legitimate claim to the much sought-after data to create access for them.
  • Insider Threats – The rogue employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data.

Data breaches overview

Every year, data breaches are reported around the world and across all sectors. In July’19, Facebook was fined US$5 billion for giving political research firm Cambridge Analytica access to the data of 87 million Facebook users without their knowledge in 2018. Also in 2018, hackers got access to the data of 500 million Marriott International customers; the stolen data were preferred guest numbers, contact information and passport numbers. Marriott also believed that the credit card information of more than 100 million customers was stolen. In 2013, Yahoo reported the biggest data breach in history, in which the data of all 3 billion Yahoo users was compromised.

North America has been the prime target of hackers, accounting for 86% of total data breaches in the world, followed by Europe and Asia Pacific, which account for 6% each. Social media accounts for 56% of total data breaches in the world, followed by the hospitality and technology sectors with 11% and 5% respectively.

10 Biggest Data breaches

1) Yahoo

Data Breached: 3 billion user accounts

In Sep’16, the US-based web service provider announced the biggest data breach in history, two years after the actual attack took place. The attack compromised user data including the real names, email addresses, dates of birth and telephone numbers of 500 million users. In Oct’17, the company revised the estimate and announced that all 3 billion user accounts were hacked.

The breach knocked an estimated US$350 million off Yahoo’s sale price to Verizon. It was ultimately sold for US$4.48 billion instead of US$4.8 billion.

2) Marriott International

Data Breached: 500 million customers’ data

In Nov’18, the US-based diversified hospitality company announced a data breach affecting ~500 million customers. The breach began in 2014 on the system supporting the Starwood hotel brand and remained in that system when Marriott acquired it in 2016. The compromised data were names, contact information, 18.5 million passport numbers and other personal information. Marriott believed that 9.1 million credit card numbers and expiration dates of over 100 million users’ data were also compromised.

3) Adult Friend Finder Network

Data Breached: 412.2 million user accounts

In 2016, 412.2 million accounts of the US-based adult dating and entertainment company were exposed through six compromised databases. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99 percent of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on Nov’14. The compromised data were names, email addresses and passwords.
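The weakness named in this entry, passwords stored as plain SHA-1, can be set beside a salted, deliberately slow scheme. The Python below is an added example, not code from this article or from any company it mentions; the sample accounts, function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#vq!Lm29xw"}

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def sha1_unsalted(password):
    """Weak scheme: a single fast SHA-1 pass with no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_record(password):
    """Hardened scheme: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def slow_verify(password, salt, expected):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, expected)


def shared_digests(table):
    """Return groups of users whose stored values are byte-for-byte identical.

    With unsalted hashes, equal passwords give equal digests, so one guess
    (or one precomputed table) applies to every account at once.
    """
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    weak = {u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: slow_record(p) for u, p in SAMPLE_USERS.items()}
    print("identical stored values, unsalted SHA-1:", shared_digests(weak))
    print("identical stored values, salted PBKDF2: ", shared_digests(strong))
```

Running the audit function over an existing credential table is a quick way to tell whether the stored values are unsalted: any group it returns means identical passwords are visible as identical records.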

4) eBay

Data Breached: 145 million accounts

In May’14, the US-based e-commerce company reported a data breach of 145 million user accounts; the data exposed were names, addresses, dates of birth and passwords. The company said hackers got into the company network using its employees’ credentials and had access to the network for 229 days.

The company said the breach resulted in a decline in user activity but had little impact on the bottom line.

5) Equifax

Data Breached: 147 million accounts

In Sep’17, US-based consumer rating company Equifax announced a cybersecurity incident in which the data of 147 million US consumers was compromised. The data accessed without authorisation was personal information (including Social Security Numbers, birth dates, addresses, and in some cases drivers’ license numbers) of 147 million consumers.

Equifax and the Federal Trade Commission reached an agreement for the company to pay US$575 million to US$700 million to compensate those whose personal data was exposed.

6) Heartland Payment Systems

Data Breached: 134 million credit cards

In Jan’09, US-based payment processing company Heartland Payment Systems reported a data breach in which hackers managed to steal more than 130 million credit card numbers from Heartland and about 4.2 million from Hannaford. The hackers used an SQL injection attack to break into Heartland’s system.

At the time of the breach, Heartland was processing 100 million payment card transactions per month for 175,000 merchants, and the company also paid out an estimated US$145 million in compensation for fraudulent payments.

7) Target Stores

Data Breached: 40 million credit/debit card records and 70 million customers’ personal information

In Dec’13, US-based retail chain Target Stores reported a data breach affecting 110 million customers, comprising 40 million credit/debit card records and 70 million customers’ personal information. The hackers are believed to have gained access through a third-party vendor, Fazio Mechanical Services, a heating, ventilation, and air-conditioning firm, and broke into Target’s network to install POS malware.

The incident cost the credit card unions over US$200 million just for reissuing cards. The company also paid US$18.5 million to settle claims by 47 US states and the District of Columbia and to resolve multi-state investigations.

8) TJX Companies, Inc

Data Breached: 85.6 million credit cards’ data

In 2007, the US-based retail company announced that it had suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions. The company said 45.6 credit and debit card information were stolen from its system. This incident took place in addition to 40 million records compromised in 2005. The hackers are supposed to have taken advantage of a weak data encryption system and stolen credit card data during a wireless transfer between two Marshall’s stores in Miami, Fla.

The company estimated that the data breach cost it US$256 million. The cost includes fixing the company’s computer system and dealing with lawsuits, investigations and other claims arising from the breach.

9) Facebook

Data Breached: 87 million accounts

In Mar’18, the US-based online social media and social networking company announced the data breach of 50 million Facebook profiles by Cambridge Analytica. The information was allegedly used to map out voters’ behaviour in 2016 for both the Brexit campaign and the US presidential election. Later, the company increased the estimated number of accounts impacted to 87 million.

The Federal Trade Commission announced its settlement with Facebook, under which Facebook will pay US$5 billion in fines and penalties levied by the FTC after a years-long investigation into the Cambridge Analytica scandal.

10) JP Morgan Chase

Data Breached: 76 million households and 7 million small businesses

In 2014, the US-based investment bank and financial services company announced a cyber attack that compromised data associated with 83 million customer accounts, comprising 76 million households and 7 million small businesses. The data exposed in the breach were contact information, names, addresses and email addresses. The hackers breached the bank’s network by compromising an employee’s personal computer.

The bank did not disclose the cost of the breach, although JP Morgan spends $250 million on security every year.
