Every time you shop online or sign up for a new service, you leave even a little bit of your personal information on the Internet. Unfortunately, sometimes even the companies that are supposed to protect this info have security holes and data gets lost or into the wrong hands, which is what we call a “data breach”. These incidents are a warning to all of us and a reminder that we need to be careful about where and how we enter our data.
In our article we are going to look at some of these serious cases of “data breach” and try to understand how we can keep our information safe.
Some of the most significant data breaches in recent years
Heartland Payment Systems (2008)
Heartland Payment Systems was the victim of the largest data and credit card thefts. Approximately 134 million cards were brought into view due to malware infiltrating the company’s payment processing system, leading to one of the largest identity thefts in history.
Yahoo discovered in 2016 and 2017 that it had suffered two huge data breaches a few years earlier, affecting all 3 billion user accounts. These breaches featured names, dates of birth, email addresses, and security questions. It is considered one of the largest breaches in history for the number of people’s accounts. The consequences had a significant impact on Yahoo’s reputation and suggested Verizon’s acquisition of the company.
eBay, the online shopping and auction giant, stood out in 2014 that it had suffered a data breach affecting some 145 million users. Cyber criminals stole databases of names, email addresses, physical addresses, phone numbers, and dates of birth.
Sony Pictures (2014)
Sony Pictures Entertainment was the victim of a cyber attack in which about 100 terabytes of data were stolen and scattered. This data included personal information about employees, company emails, copies of unreleased films, and other sensitive company data. This attack had wide implications, affecting international diplomatic relations and raising questions about cybersecurity in the entertainment industry.
Anthem Inc, one of the largest health insurance companies in the United States, suffered a data breach that exposed the personal information of some 80 million customers and employees. The stolen data included names, dates of birth, social security numbers, email addresses, work addresses and incomes.
Equifax, one of the largest credit reporting agencies in the United States, suffered a huge data breach in 2017. Very sensitive personal information of about 147 million people was exposed, including Social Security numbers, birth dates, and addresses. The scope of this incident was huge because it affected individuals who had entrusted Equifax with their most confidential data. The company was criticized for mishandling data security and responding slowly to the problem.
Marriott International (2018)
Marriott International announced in 2018 that its Starwood subsidiary’s reservation systems had been compromised. Attackers had unauthorized access to the network for four years and stole data from approximately 500 million customers. The stolen information included names, addresses, phone numbers, passport numbers, arrival and departure dates, and in some cases, credit card information. This data breach highlighted the need for more precise cybersecurity practices in the hotel industry.
In 2019, it was discovered that Facebook had left user data unattended on publicly accessible servers. About 419 million user records, including phone numbers and user IDs, were potentially put on display. This incident raised serious concerns about Facebook’s ability to protect user data and its privacy practices, fueling the global debate over regulation of tech giants.
First American Financial Corp. (2019)
Insurance giant First American Financial Corp. had a massive data leak when some 885 million sensitive documents related to real estate transactions were left accessible without proper authentication. This exposed personal financial information of millions of people, potentially going back as far as 16 years.
Chinese e-commerce giant Alibaba suffered a breach when a vendor affiliate stole about a billion pieces of customer data from Taobao, the online shopping platform. This data includes user IDs and phone numbers, and the theft was brought about by exploiting an absence in the system’s API.
But where does all the data stolen by the data breach end up?
Usually when data is stolen, it often ends up in the hands of Internet criminals who try to make money from it. They might use the information to trick other people, ask for money or even take someone’s identity. Sometimes we don’t even know where or how the data is being used until it is too late and someone finds themselves in a complicated situation.
How can we protect ourselves from a data breach?
From the end user’s perspective, it may be useful to share as little personal information as possible when registering for a service or using, for example, temporary emails instead of our personal email. As for companies or entities that store our personal data, it is essential that they have a security plan that is appropriate for the data they handle both at the infrastructure and software/hardware levels.
These events have had a significant impact on how companies and the public perceive data security and privacy, leading to calls for stricter laws and regulations around the world.