Biggest Data Breaches, Hacks & Privacy Controversies In History

Sandip Malaviya, Samarpan Infotech
Dec 28, 2018

20 Worst Data Breaches and Privacy Scandals of the 21st Century.

Today, the most treasured asset of any company is its customers' data. And what is the biggest nightmare for any enterprise? A breach of the data it has been storing for months or years. We have all been hearing about data breach incidents ever since technology entered our lives.

Data Breach & Security

What exactly is a Data Breach?

The simplest definition of this complicated problem is a security incident in which information is accessed without authorization. In common cases, it exposes customers' private information, such as emails, contact info or even credit card information.

How does this affect you?

These data breaches have affected top businesses, enterprises and their customers. Even if your business or your personal data hasn't been affected yet, you should be aware of the biggest privacy controversies. So here is the list of the top 20 enterprises that fell prey to data breaches, hacks & controversies.

1. Facebook — Cambridge Analytica: Unauthorized Data Usage Access Scandal (2018)

Dates: 2010–2018

Details: The scandal started with a simple Open Graph platform that Facebook launched for third-party apps and developers. The update provided access to users' private information with their consent.

In 2013, Global Science Research launched an app, “Thisisyourdigitallife”, in which users were prompted to answer quiz questions. Around 270,000 users took part in the quiz, and the company also got access to the data of the participants' friends.

Although Facebook limited developers' access to data in 2014, Global Science Research did not delete the data that the quiz had improperly acquired. According to a series of reports by The Guardian, Cambridge Analytica was the major source of data in the presidential campaign of Ted Cruz. Cambridge Analytica and the campaign team of Donald Trump invested heavily in Facebook ads in the 2016 US presidential election.

In an undercover sting operation, the managing director of the company talked about how the firm was behind the video campaign called “Defeat Crooked Hillary”. Finally, on March 17, 2018, The Guardian & The New York Times exposed that 87 million Facebook profiles were harvested in the campaign by Cambridge Analytica.

2. Google Hearing — Data Privacy & Usage Controversy (2018)

Dates: December 2018

Details: Lawmakers in Congress questioned Google's CEO about how Google is more biased towards conservative content and about Google's algorithms. They also wanted to hear about Google's anti-competitive market behavior and its data privacy policy.

His plans for a return to the China market with a censored search engine, and Project Dragonfly, also came up. The lawmakers were more concerned about piracy and copyright violation.

The CEO had to explain to the senators how Google's search engine shows specific results for search terms. For example, they wanted to know why a picture of Donald Trump comes up when they type “idiot” in the search box.

3. Marriott International — Data Breach (2018)

Dates: 2014 to September, 2018

Details: Four years of data breaching and the company was unaware? It is hard to believe, but it is true. Marriott International discovered the breach when an internal security tool flagged activity from an unauthorized party. It took around two months to decrypt the information encrypted by the hackers.

According to Marriott's statement, the breach exposed guests’ names, passport numbers, email addresses, gender, phone numbers, dates of birth, reservation information and Starwood loyalty program account information. For a few guests, payment card numbers and expiration dates were also stolen.

The amount of data lost in this breach may have helped the hackers to track the movements of business executives, spies, military officials, and diplomats. This type of data can be the raw material for misdeeds like identity theft.

4. Yahoo — Data Breach & Hack (2013 & 2014)

Dates: August 2013 and late 2014

Details: Yahoo!, the internet service company, announced in September 2016 a major data breach dating from late 2014. The hackers exposed the data of over 500 million user accounts. Another major announcement was made in December 2016, about another data breach in September 2013. In October 2017, Yahoo! confirmed that around 3 million user accounts were affected.

There is no doubt that the company is being criticized for the belated disclosure of the breaches. Yahoo! is facing multiple lawsuits, and members of the United States Congress are investigating the company. The major impact of these breaches was on the deal between Verizon Communications and Yahoo!. Yahoo! was about to be sold for $4.8 billion, a price that later dropped by $350 million, and the SEC also imposed a $35 million fine for failing to disclose the data breach.

5. Adobe System — Hackers Data Breach (2013)

Dates: October 2013

Details: Adobe called this part of a “sophisticated attack”; the breach allowed hackers to steal encrypted passwords, names, dates of birth, and other personal information. Initially, the company said that around 2.9 million accounts were affected; later this number rose to a whopping 38 million accounts.

Along with user information, hackers also took copies of the source code of the popular Adobe picture editing software: Photoshop. The software was being used by businesses and individuals around the world.

Source code was also stolen for ColdFusion, which is used by 75 of the Fortune 100 companies, the United States Senate and over 10,000 businesses worldwide.

6. Under Armour — Hackers Stole Data (2018)

Dates: Late February 2018

Details: The sports gear maker Under Armour announced on 29th March 2018 that its popular fitness application, “MyFitnessPal”, was hacked in February 2018. The breach of the popular calorie-tracking app affected the data of more than 150 million users. The company claimed to have notified users within four days of discovering the breach.

The company assured users that social security numbers, payment card data and driver's license numbers were safe, but the stolen data included email addresses, names and hashed passwords. The company urged users to change their passwords on the website and app immediately, but the damage was already done.

7. Google Plus — Security Bug Data Breach (2018)

Dates: 2015 to March 2018

Details: Google had its own Cambridge Analytica moment after a security bug in 2015. The company allowed third-party developers to access user data such as full name, gender, places lived, birth date, relationship status, and occupation. Around 5 million users were affected by this breach.

This breach led to Google's decision to close the Google Plus website entirely. The company will discontinue its customer service and is giving its users 10 months to export all their data. Instead, Google will now focus on making G+ an entirely different enterprise product.

8. Cathay Pacific Airways & British Airways — Data Breach (2018)

Dates: March 2018

Details: In March 2018, Cathay Pacific Airways discovered suspicious activity on its server. The company took immediate action by hiring a leading global cybersecurity firm. The IT experts tried their best to focus on the policy and hindrance of the data of the users. In October 2018, the company decided to notify each passenger affected by the breach.

The CEO, Rupert Hogg, delivered a video message notifying customers and offering complimentary ID monitoring. Cathay executives informed Hong Kong lawmakers that 27 regulators and 15 jurisdictions were investigating the attack.

9. eBay — Personal Data Breach (2014)

Dates: March 2014

Details: Late February and early March 2014 witnessed a huge data breach. Around 145 million users were affected; the hackers exposed user records including email addresses, phone numbers, names, encrypted passwords and birthdays.

The company hired FireEye Inc’s Mandiant forensics division to investigate the matter. The hackers took this much data through three accounts belonging to the company’s employees. The major issue here was that users were using their eBay accounts from their workplace stations, which raised security concerns for the company.

10. Quora — Massive Data Breach (2018)

Dates: December 2018

Details: Quora is the latest victim of a data breach, with the data of 100 million users lost. The company told users via its blog that one of its systems had been accessed without authorization by some third-party malware, which resulted in this huge breach. The affected data includes users' encrypted passwords and email addresses, along with actions like upvotes and comments.

The only relief here was that the company doesn’t hold any credit card information, and all answers posted anonymously are safe. The company doesn’t store the data of anonymous questions and answers, a comfort for its users.

11. JP Morgan Chase — Financial Data Breach (2010 & 2014)

Dates: October 2014

Details: JP Morgan Chase faced a huge data breach affecting 76 million households and 7 million small businesses. As it is the largest bank in the nation, the stolen data contained sensitive information about the bank's customers. The lost data included credit card details, addresses, contact information, and other delicate data.

The intrusion began in June 2014, but the bank was unaware until July. The company has not seen any fraud involving the stolen user information.

The major reason behind this is said to be a neglected server of the bank, which was easy for the hackers to access. Considering the critical infrastructure and the size of the bank, the National Security Agency came forward to help in the investigation.

12. Reddit — Personal Data Breach (2018)

Dates: June-August 2018

Details: Reddit is among the top 20 most searched websites worldwide. The breach affected accounts created before May 2007, along with logs from Reddit’s “email digest” of June 2018.

Data like content, email addresses, and hashed passwords were stolen. The hackers were also able to access private messages shared between 2005 and 2007.

The major concern of the company was the exposure of internal data like employee workspace files, source code, logs, and configuration. This called into question the company's SMS-based 2FA security measures. Reddit is working towards more encryption, token-based 2FA and enhanced logging around account access.

13. Apple — Few Employees System Hacked (2013)

Dates: January 2013

Details: Apple was a victim of a data breach as well. A few of the company’s employees' systems were hacked, but no sensitive data was shared or accessed. The cause of the breach was an employee who visited a vulnerable developer website.

The company’s developer portal was immediately taken down for maintenance for three days. Apple took sufficient measures afterward. A Java patch for OS X users was released for installation through software update. A tool was also released for Mac computers to remove the Java malware or any other offending software.

14. 21st Century Oncology — Major Medical Data Breach (2015)

Dates: November 2015

Details: The Florida-based cancer treatment chain suffered a huge data breach affecting 2.2 million individuals. The FBI first noticed the illegal data access and informed the company about the unauthorized third-party intrusion. The data loss was huge and contained sensitive information about the patients.

The information about the users included social security numbers, names, insurance information, diagnosis, and treatment. No misuse of the data came to light, and the company provided one year of free access to identity theft protection services to all the affected patients.

15. CardSystems Solutions Inc. — Financial/ Credit Card Data Hacked & Stolen (2005)

Dates: June 2005

Details: An Arizona company that handles transaction processing for MasterCard, Visa, Discover Financial Services and American Express reported a data breach in its network. The company provided the list of card numbers affected by the data theft. The member banks took care of the data protection of their customers simultaneously.

Over 40 million credit cards were hacked, of which 14 million were MasterCards and 22 million were Visa cards. Although no major fraud was cited, the banks took sufficient steps to protect the data and guard against irrelevant transactions. Both MasterCard and Visa assured their customers that they would not be charged for any kind of fraudulent transaction.

16. Gmail — User’s Account Passwords Stolen (2014)

Dates: September 2014

Details: Around 5 million Gmail passwords were stolen and posted on a Russian bitcoin site. A few people even checked the site and reported that the list had their old password. Google informed users that less than 2% of the stolen data had a recent or updated password. Google notified each of the 100,000 users whose recent password was in that list.

The data in that list might be sold to other companies. The users in that list will get more spammy emails and can be easily targeted with phishing attacks. Google warned the users to keep updating their passwords.

17. Citigroup — Financial/ Banking System Data Breach (2005, 2011 & 2013)

Dates: Most recent June 2013

Details: The third-largest bank in the US faced a data breach of over 36 million card accounts. During routine monitoring, the bank discovered an unauthorized user on the system.

Sensitive data like CVV numbers, card expiration dates, and users' social security numbers were safe. The company had suffered data breaches previously as well, in 2005 and 2011, yet its systems were still vulnerable to such a breach.

The bank issued new cards for around 21 million customers, and the rest were said to be either inactive or to have already received new cards. In 2006, the company was forced to block PIN-based transactions for its UK, Russia and Canada customers.

18. Equifax — Financial & Personal Data Hacked & Stolen (2017)

Dates: May 2017

Details: 143 million Americans were affected by this huge data breach at a leading credit reporting agency. The breach allowed the hackers to use very sensitive user data like birthdates, addresses, social security numbers, and even driver's license numbers. The major concern here was identity theft affecting around 143 million people.

Credit card numbers of about 209,000 people were also leaked, as was personal identifying information with dispute documents of 182,000 people. The company introduced a website to help users check what kind of information was exposed.

19. Friend Finder Networks — Largest Data Breach Until 2016 (2016)

Dates: November 2016

Details: The adult dating website company Friend Finder Networks was hacked, which resulted in the exposure of private details of 412 million accounts. As per the monitoring firm LeakedSource, it was the largest data breach until 2016. The hackers got details like IP addresses, browser information, date of last visits, site membership status, email addresses, and passwords.

The company was the parent of websites like Adult Friend Finder, Penthouse, Cams.com, and stripshow.com. Along with the data breach, the company lost source code from the production environment of Friend Finder Networks, and public/private key pairs were leaked.

20. 7-Eleven and Nasdaq — Financial & Stock Market Server Data Hack (2012)

Dates: 2005 to 2012

Details: Six hackers (five Russian and one Ukrainian) stole credit card and debit card data of more than 160 million cards targeting 800,000 banks. They used to penetrate through the servers of the stock exchange and federal prosecutors.

The breach resulted in the loss of around $300 million to companies and individuals including NASDAQ, J.C. Penney Co., JetBlue Airways, 7-Eleven, and Visa Inc.

The hackers allegedly took means of identification, names, credit card and debit card numbers, and passwords of the cardholders from the servers of the companies. After using the data, they used to sell it to resellers around the world, earning billion-dollar sums from the scams and hacking.

21. Heartland — Financial Data Breach (2009)

Dates: November 2008

Details: The payment and check management service provider Heartland suffered massive data theft. The company was alerted by Visa and Mastercard to suspicious activity; it found malicious software accessing card data across Heartland's network.

The company immediately set up a website to help and notify users about the breach and advised them to check their monthly statements. Later it reviewed each suspicious activity pointed out by cardholders. The company tried to flag network anomalies in real time with a next-generation program.

The above list of the 20 most popular breaches is proof that we can’t trust digital transactions blindly. This is why we all need to focus more on cybersecurity for our businesses as well as for individual transactions.

How can we protect our data online?

We understand your anxiety about online transactions. This doesn’t mean that we have to keep ourselves away from the digital world. All we have to do is be more responsible and attentive.

Here are a few tips to protect your data from cyber crimes and online frauds:

  1. Always lock your phone with Touch ID or a strong password. Never use your name in the password.
  2. Keep pop-up notifications hidden on the lock screen, as people around you can easily see the messages on your screen.
  3. Never use public WiFi unless it is absolutely necessary.
  4. Encrypt your private data.
  5. Install anti-malware protection in your phone and PC.
  6. Never store passwords in easily found places on your mobile devices. Try to lock the folders in which you keep passwords.
  7. Disable automatic data uploading and downloading.
  8. Check the apps you install and check the permissions you are giving to these apps.

Over to you!

The world is getting digital; with time we will be more into online transactions. If you are a business owner with frequent online transactions, then it is your responsibility to protect your customers' data. Whether you are in retail, e-commerce, food, entertainment or any other industry, make sure your data is encrypted and safe.

Still having doubts about the security of your business? Discuss your concern with our experts.

Originally published at www.samarpaninfotech.com on December 28, 2018.
