Companies are painfully aware of the risk of cybercrime, hackers and the need for protecting their own and their client’s data. Breaches seem to happen every day, as hackers attempt to breach systems to access personal data. Users also are more aware than ever about the need to protect themselves through home security systems and the use of VPNs. Companies of all sizes are at risk of a breach as this list of the top 10 most embarrassing shows.
Yahoo was subjected to the largest data breach of all time from 2013 to 2014. This came to light in 2016 as it was negotiating a sale of itself to Verizon which they believed was carried out in a number of attacks by a ‘state-sponsored actor’, and other hackers. They estimated that in total 3 billion accounts were effected which included data such as email addresses, names, phone numbers, and dates of birth. The breaches would end up knocking hundreds of millions off the sale price.
2. JP Morgan Chase
In 2014, the largest bank in the United States was hacked which resulted in more than half the households in the country having their data breached. This number reached 76 million households, along with 7 million small businesses. The personal data compromised included internal information, email and physical addresses, names, and phone numbers, though no money was taken. The hack embarrassingly occurred despite JP Morgan spending over a quarter of a billion dollars a year on security. Three men were eventually arrested and charged for the attack.
3. The Friend Finder Network
This data breach was just as embarrassing for some of its users as it was for the company involved. The Network included adult content sites and casual hook-ups and over 400 million accounts were affected in this attack in 2016. Twenty years of data were accessed by hackers from six databases including an array of personal information. The main problem was that the majority of passwords were weekly protected by an SHA-1 algorithm. The problem was fixed through consumer confidence was naturally shaken.
4. Heartland Payment Systems
This breach began in early 2008 and was not discovered until the start of 2009 when Visa and MasterCard noticed a number of suspicious transactions. It turned out that three hackers from Cuba and Russia had installed spyware using a SQL injection to steal debit and credit card details. At the time Heartland was processing 100 million transactions every month, and this kind of SQL injection was one of the commonest forms of hacking. As a result, Heartland paid compensation of $145 million and was temporarily banned from processing major card payments.
In May 2014 eBay reported a data breach that had been going on for around 229 days. Hackers used employee credentials to access the company network and the user database. eBay reported that the data of 145 million users were exposed, including things like DOBs, email address, names, and addresses. The company claimed that payment details were not compromised but still faced a barrage of criticism for their handling of the issue and resulted in a drop in user activity. This is due to greater user awareness to protect themselves through a variety of measures such as anti-virus software, VPN’s, and avoiding sites in the news.
While not being a huge breach in comparison to others, Uber warrants a mention due to the embarrassing way they were hacked and the way they handled it publicly. This hack occurred in late 2016 and exposed the license details of 600,000 drivers along with 57 million users. Hackers accessed Uber’s account on GitHub where they discovered login details for the companies AWS account which most certainly should not have been there. Uber waited a year before letting anyone know about the breach contributing to a significant drop in the company’s valuation.
7. Sony PlayStation
This data breach occurred in 2011 and still remains the biggest in the gaming community. The size of the hack was huge – 77 million users of the PlayStation network were affected, but the scope of the breach was also particularly bad. Hackers were able to get their hands on email and home addresses, names, logins, passwords, purchase history, and unencrypted credit card numbers. Sony lost an estimated $171 million while they took down the site for a month and their reputation took a huge hit as their security systems were called into question.
At the end of 2013 hackers breached the data of Adobe’s clients accessing 38 million customers including information such as credit card details, logins, and passwords. It took weeks just to figure out how big the breach actually was and some estimate that up to 150 million usernames with passwords were hacked. The company faced fines and legal fees for the breach as well as loss of reputation in the market which can sometimes be even more damaging in the long run.
9. NHS Patient Details
Not even government agencies are immune as a recent hack on the NHS shows. The data breach resulted in details from 150,000 patients being shared over a 3 year time period. The details included confidential health information, and the breach was caused by a coding error in one of its most popularly used IT systems. The breach is a timely reminder for all organisations who hold data to assess how it flows through the system and educate users.
Along with governments, the biggest and most successful tech companies are also at risk of breaches as Facebook found out early this year. The company discovered a vulnerability in September that allowed hackers the ability to access up to 50 million accounts. The hackers could then take over the account and view everything that was in it. Facebook logged 90 million users out for their protection and claim to have patched the bugs but the incident serves to show that the biggest and mightiest companies are still vulnerable to data breaches.