The Top 5 Data Scandals of the 21st Century

The Facebook scandal and its ongoing fallout — most recently, a senate hearing where Mark Zuckerberg, the company’s CEO, apologized once more to Facebook users for the misuse of their data — is not the first of its kind. In fact, the digital era has been littered with data breaches. Here are some of the biggest data scandals we’ve seen this century so far.

1. Yahoo: 2013–2014 — Affecting 3 billion user accounts.
   This breach is at the top of the list, not just for the huge number of people impacted by the scandal, but also because of the disastrous handling and lack of transparency on the part of Yahoo. While this massive security breach actually occurred a couple of years earlier, the scandal didn’t become public until September 2016, when the company entered negotiations to be bought out by Verizon. An attack in 2014, thought to be at the hands of a “state sponsored actor”, exposed the personal details of 500 million users, including their names, emails, phone numbers and DOB’s. This was far from the end of the story however. In December of 2016, it came to light that a different hacker collective had attacked 1 billion accounts in 2013, which in addition to personal names, emails and numbers, also compromised passwords as well as security questions and answers. It took until 2017 for Yahoo to acknowledge that in fact 3 billion user accounts had been compromised in the 2013 attack.

2. Equifax: 2017- Affecting 145.4 million customers. Equifax, one of America’s largest credit bureaus suffered a data breach last year as a result of an application vulnerability on one of the company’s websites. The breach led to the exposure of a wealth of personal data on 143 million Americans, who never even had the choice to opt out or opt in to the company’s credit reporting services. The data that was compromised included social security numbers, addresses, DOB’s, driver’s license data and in some cases, credit card information. Then, a full 6 months later, Equifax acknowledged that another 2.4 million users were actually affected, meaning that in all, data on over half of all Americans was compromised.

3. eBay: 2014 — Affecting 145 million users. In May 2014, eBay disclosed that it had been the victim of a cyber attack that had compromised the personal details all 145 million users, including their names, addresses, DOB’s and passwords. Hackers had used the credentials of 3 company employees to access eBay’s user database and had free rein of the system for 7 and a half months. While they did not gain access to credit card details and other financial data, the hackers were able to get customers to change their passwords, unwittingly providing their new credentials. Here too, a lack of communication with users and a lax approach to security were in evidence. However, notably, the digital auction house bounced back with a boost in revenues the following quarter, barely feeling the impact- a far cry from the prolonged pressure Facebook is currently under.

4.Target: 2013 — Affecting 110 million customers. Target was hit by a hack in late 2013, which was not actually discovered for a number of weeks. The company announced that a hack had compromised credit and debit card information and contact information for approximately 40 million customers. However, in a now familiar turn of events, in January of the following year, the retail giant revised its estimate, stating that personally identifiable information, including names, emails, addresses and phone numbers of 70 million customers had also been exposed, raising the number affected to 110 million. The breach cost the company $162 million and the scandal led to the resignation of the store’s CIO, followed closely by that of the CEO. While Target implemented a number of security improvements, the company has been widely criticized for the insufficiency of these measures.

Uber has had its fair share of scandal in recent years and the breach in 2016 was just one more instance of the company mishandling a crisis. Two hackers accessed personal details of 57 million users, including their names, emails and phone numbers, in addition to obtaining the driver’s license numbers of 600,000 of the company’s drivers. It then took a year for Uber to confess publicly to the breach. Then it became clear that the company had compounded one misstep with another, with the revelation that Uber had paid the hackers $100,000 to destroy the data, a payoff which they had labelled a “bug bounty” fee with no means of confirming whether the stolen data was in fact destroyed.

While we can see that Facebook is far from the first corporation to suffer a data breach, and almost certainly not the last, one thing is clear. Data subjects have had enough, and Facebook seems to be the straw that broke the camel’s’ back. Users are beginning to ask some very pointed questions. Shouldn’t data about me belong to me? Shouldn’t I be able to control who uses it and how? Shouldn’t I be able to rely on the privacy of the security of my personal information?

Well the time couldn’t be more ripe for a new EU privacy bill, the GDPR, which is set to take effect next month. The GDPR states that data subjects are the rightful owners of their data, and the online businesses that already collect user data must make an electronic copy available to the subject free of charge.

Another development that is offering secure data management alternatives to data owners, is the emergence of blockchain technology, which offers greater transparency, and security while ensuring a fairer more democratic business space.

Blockchain technology uses incredibly powerful encryption. It is innately transparent and all activities on the network are traceable, since every transaction is recorded on a public ledger. Once a transaction is published on the blockchain it cannot be reversed, and every single transaction demands a consensus, since it requires peer verification. The decentralized nature of the blockchain means that no single individual, company, institution or government is in control, providing greater reliability and engendering the trust of its users.

One company that is leveraging both the power of the GDPR and blockchain technology is Liberdy, an advertising data management platform. The startup’s stated mission is to empower data subjects to reclaim their personal data and be rewarded for its use. Liberdy’s consent-based platform accesses the data on its users that is already being collected by online companies. It then de-personalizes, encrypts and segments it, enabling the user to decide which data sources they wish to share, and with whom. The user is paid for sharing their information with advertisers on the platform, who benefit from access to reliable, accurate, first-hand data. Blockchain’s powerful encryption protects the data on the platform and the company uses smart contracts to ensure the transparency and security of the data sharing process.

Liberdy is just one of a number of companies that have seen which way the wind is blowing and are offering secure and equitable data management opportunities for both data owners and brands. If we don’t want to add a string of additional breaches to our list, more companies need to get on board with blockchain, or their customers will leave, taking their data with them.