Major data breaches in the last decade
As technology advances, so does cyber crime and new ways to take over your personal information are devised every day. There have been thousands of data breaches over the last decade, which shows how vulnerable we are when we use the devices that have become part of our life. Most companies have experiences data breaches and it is believed that those who haven’t been affected, are actually unaware of the fact that they have been already compromised. Users around the world have become concerned after the data breaches that have affected large companies, have been revealed to the public. We supply our details to companies and rely on them to keep our information secure. While many companies invest on advanced security systems, it is clear that the necessary measures to protect the data gathered from customers, are not being taken.
Before we go through the list of some of the largest data breaches that have taken place in the last few years, it is important to remember that defending our privacy is our responsibility. We need to take matters in our own hands and one of the things that we can do to keep our data protected is to use a VPN. VPN services encrypt our online traffic adding a layer of security to stop third-parties from accessing our data. They can also mask our identity and protect our privacy when we are connected to the internet. Using a VPN in addition to a good antivirus program can defend you from online threats. Make sure that you choose a VPN service that provides strong encryption and that doesn’t keep logs of your activities. Some of the most reliable options available are NordVPN, ExpressVPN, PureVPN, Buffered, PIA and VPNArea.
2016
Over 30 million login details were available for sale online. In this case, it seems like Twitter’s servers were not compromised, but the data was stolen directly from the users.
MySpace
One of the pioneers in social networking, MySpace, was also impacted by a large scale data breach. More than 360 million login details were stolen and apparently, although the passwords were stored using SHA-1 hashes, they were broken using a cracking server that can run millions of SHA-1 calculations per second.
Yahoo!
In 2013, over 1 billion Yahoo accounts were compromised but the information was not revealed to the public until 2016. Yahoo! claimed that hackers working for a foreign government were behind this major data breach. Forged cookies were used to get access to user accounts without even using their passwords. The largest data breach resulted in over 500 million details stolen (most likely usernames, but possibly also full profiles) and while it took place in 2014, it was only made public in 2016 as well. In 2013, an estimated 22 million Yahoo accounts from users in Japan, were compromised but Yahoo! stated that no personally identifiable information was stolen.
Mossack Fonseca
Based in Panama, Mossack Fonseca is a law firm that focuses on setting up anonymous offshore companies. Over 11 million documents including emails, photos and PDF files were leaked. The information regarding the real owners of these companies was revealed and many illegal activities were uncovered, prompting a major international scandal known as Panama Papers.
Securus technologies
This Dallas-based company that is focused on developing technologies for prisons also made the headlines when over 70 million prisoner calls were recorded and leaked by a hacker who used SecureDrop. The case was particularly worrying given that many of the calls were between inmates and their lawyers, which represents a severe breach of attorney-client privilege.
VTech
Another alarming case was related to electronic toy manufacturing company VTech. The information of nearly 12 million users (parents and children) was leaked due to VTech’s weak security measures. The information that was compromised included names, addresses and even the images used by kids as their online avatar on VTech’s site.
Turkish citizenship database
A publicly available database with nearly 50 million details related to Turkish citizens, including names, parents names, genders, national IDs, addresses and dates of birth, was discovered on the internet.
Philippines Commission of Elections
The information of around 55 million registered voters in the Philippines was leaked on an online database, right after the Philippines’ Commission of Elections website was hacked.
Foursquare
It was estimated that over 22.5 million records were taken from sources available to the public, containing Foursquare usernames and email addresses, as well as Facebook and Twitter IDs.
Weebly
This popular web-hosting company was also affected by a a major data breach. Over 43 million records were obtained, although it is still not clear how the data was stolen. The details stolen included usernames, passwords, IP addresses and email addresses.
Friend Finder network
Email addresses, passwords, usernames, sites visited, site registration details and other data related to over 400 million account was stolen, compromising the privacy of a high number of users.
Kromtech
The personal details of over 13 million users of Kromtech, MacKeeper and Zoebit were obtained and published on a public database. An independent security researcher found out about the database and it has been taken down.
2015
T-Mobile
The information of potential T-Mobile customers whose credit had been checked by Experian was accessed by third parties. The data consisted of about 15 million records such as names, social security numbers, addresses, dates of birth and identification numbers.
Sony Pictures
Hackers stole over 10 million records containing customer’s details like names, social security numbers, dates of birth, addresses, phone numbers and financial information including credit cards.
Ashley Madison
Users of the controversial dating website Ashley Madison were also affected by data breaches in 2015. Financial records, usernames and other confidential information became exposed, after the records were stolen by hackers and made available on the Dark Web.
Voter Database
The information of over 190 million voters in the United States was leaked on a publicly available online database. The information leaked included names, phone numbers, home addresses, voter IDs, political affiliations, as well as detailed voting information since 2000.
Office of Personnel Management – Washington D.C.
Information related to anyone who has applied for a security clearance since 2000 was leaked in 2015. Over 20 million records including Social Security Numbers and the questions asked during interviews for security clearance, were exposed.
Premera Blue Cross
Medical files, personal and financial information such as bank account numbers, addresses, names and dates of birth, were stolen from Washington bases health insurance company Premera Blue Cross.
JPMorgan Chase
The prestigious financial services company JP Morgan Chase was also affected by a large data breach in 2015. Hackers managed to break into the company’s servers and stole names, phone numbers, addresses and other details from 76 million account holders.
Anthem
More than 80 million records stored by the health insurance company, including medical IDs, social security numbers, addresses, income details and dates of birth, were accessed without authorization.
2014
eBay
The popular marketplace was targeted by hackers who managed to get access to the company’s user database, using employee login details. Over 145 million records were stolen and the data included email addresses, home addresses and encrypted passwords.
JPMorgan Chase
Nearly 70 million bank accounts were accessed by hackers, who modified or completely erased the data.
Target
During Thanksgiving and Christmas holidays 2013, 70 million card payment records were stolen, but the matter only came to light in 2014. Following this data breach, chip card technology legislation was introduced in the United States.
Korea Credit Bureau
A consultant that was working temporarily on the company, was arrested and charges after the stealing financial derails of about 20 million users.
Home Depot
Home Depot was targeted in February and September 2014. In the first instance, three employees were involved in the theft of over 30000 records. The second time, the company was affected by a hack of its point-of-sales systems, which resulted in over 50 million credit and debit cards being compromised.
2013
Evernote
The most significant data breach of the year involved Evernote. At least 50 million records were leaked. The company promptly contacted users, asking them to change their password.
Adobe
Adobe
The accounts of over 38 million Adobe users were compromised. All affected users were alerted about the issue and asked to change their passwords.
LivingSocial
The data of the members of this online services and products marketplace, was also compromised in 2013. At least 50 million records including email addresses, names and passwords were accessed.
2012
Apple
At least 12 million Apple IDs were stolen from BlueToad, a digital publishing company specialized in converting PDFs into files that can be easily accessed on mobile devices. Hackers stole the Apple IDs by breaking into BlueToad’s database.
Dropbox
The email addresses and passwords of up to 68 million Dropbox users were copied. The users were targeted by phishing emails in which the senders pretended to be Dropbox.
Nasdaq, 7-Eleven and more
Over 800000 bank accounts and at least 160 million card details were stolen from several US companies including Nasdaq and 7-Eleven.
Court Ventures
A data breach at Court Ventures resulted in 200 million personal records being sold. Court Ventures is a subsidiary of credit monitoring firm Experian and the information stolen included credit status, social security numbers and financial details.
Zappos.com
Unauthorized access was detected on this online clothing and shoe shop and at least 24 million users accounts were affected. The details accessed included email addresses, phone numbers, names and billing/shipping addresses.
2011
Sony
Almost 25 million accounts were affected by unauthorized access and sensitive information such as names, email addresses, dates of birth, billing information, passwords and addresses, was compromised. The PlayStation network was compromised and 77 million records were accessed, including thousands of financial details.
WordPress
The data on a large number of WordPress servers was accessed by hackers, compromising the source code, social media passwords and API security keys of at least 18 million users.
Steam
A database containing usernames, passwords, email addresses, card details and other information, was compromised. The details of over 35 million users were accessed without authorization.
178.com
Chinese gaming website 178.com and other similar sites, were also targeted by hackers, who stole the details of over 10 million users.
Tianya
Tianya is one of the most popular websites in China and millions of users accounts were compromised in 2011. The details were then made available in the Dark Web.
Epsilon
In 2011, global marketing company Epsilon was affected by a data breach that involved at least 50 million records. Epsilon stated that only email addresses and names were obtained and asked users to keep an eye on potential phishing emails.
2010
DeviantArt
Since this list focuses on data breaches that affected at least 10 million users, the only one that meets the criteria in 2010, involved online art gallery and community website DeviantArt. Hackers managed to access DeviantArt’s database and stole user names, email addresses and other users’ details. The issue affected at least 13 million users.
2009
Heartland Payment Systems
This credit card processor was affected by a data breach that compromised up to 130 million credit cards. The lack of transparency and the delays to deal with the breach caused severe issues and at that time, this was considered as the largest ever criminal breach of card information.
U.S Military Veterans
The record of 76 million US veterans were put at risk, when a damaged card drive was sent for repair, before removing its data beforehand. The drive contained veteran’s details and even after it was established that it couldn’t be fixed, it was sent for recycling to another organization without deleting the data first.
RockYou
RockYou has created widgets for MySpace and it focuses on application for social media networks. In 2009, its database was compromised and as a result, a full list of usernames, email addresses, passwords and other sensitive information was accessed. Over 30 million records were stolen, including login details for MySpace and Facebook.
2008
GS Caltex
This oil refining company made headlines in 2008 due to its negligence while handling customer’s data. Two CDs containing a list of information of almost 12 million customers, were found in Seoul, in the middle of a street.
Auction.co.kr
This South Korean auction site was also affected by a data breach in 2008, when a hacker stole personal user information and financial data related to 18 million members of the site.
Countrywide Financial Corp
Sensitive personal information of over 17 million account holders was stolen and sold by a former employee of the company.
Bank of New York Mellon
Over 12.5 million records of customers containing social security numbers, names and possibly bank account details, were put at risk when one of the backup tapes used to store the data went missing.
2007
HM Revenue and Customs
In the UK, the computer disks that contained confidential data of over 25 million people receiving child benefits, were lost. It appears that the disk were lost while being transported from HM Revenue and Customs in Newcastle to an insurer’s offices in Scotland.
TJ Stores
More than 100 million records were stolen in 2011. The information included credit and debit card numbers, as well as details of merchandise returned. One interesting detail in this case is that Albert Gonzalez, the main hacker involved in the data breach, appealed his conviction stating that his actions had been authorized by the Secret Service. Later the Government of the United States admitted that Gonzalez was working as an undercover informant for the Secret Service.
2006
U.S Department of Veterans Affairs
Hardware containing sensitive information was stolen from the home of an employee of the U.S Department of Veterans Affairs. The data referred to over 26.5 mullion veterans and it included names, SSNs, phone numbers and addresses. Although the laptop and the storage device were eventually recovered and the FBI states that the information had not been copied, the case showed that the Department of Veterans Affairs was not taking the necessary measures to protect the Veteran’s information.
AOL
Details of at least 20 million web searches or 650000 registered users were released by the company. The searches over a three month period were included in the data leaked and there was even information about the results selected by users and where that result appeared in the search list.
T-Mobile
A storage device containing names, mobile phones, email addresses and home addresses of high profile German citizens, was stolen. Although the device didn’t contain financial information, the case raised concern at the time.
iBill
iBill was an internet billing company that was at the peak of its game as a credit card transaction aggregator for adult websites in the early and mid 2000’s. In 2006, over 17 million records of its customers were posted online. The information included names, email addresses, IP addresses, login details, purchase amounts and more. The breach could have been caused by an insider.
Conclusion
The cases listed above are just some of the examples of data breaches can affect even large companies. Negligence is an recurring issue and while the cases discussed refer to millions of records compromised, there are many other data breaches where the amount of information that was put at risk, is not known. While the majority of companies report data breaches when they take place in order to avoid potential lawsuits and other issues, there is no legislation that makes the reports mandatory. However, there is a lot of information that is not disclosed and in some cases, companies simply report that a data breach occurred or that some information was lost, but they don’t provide more details on the matter.
What is more concerning is that some of these companies collect data without customers’ knowledge. In order to enhance the protection to your data and prevent hackers from getting access to it, it is important that you use a VPN to encrypt your online traffic and an anti-malware program to protect your device from dangerous applications. You can also consider changing your password regularly, or ensure that the password you create when you register for a service is very strong. If you have concerns about how your information is handled by a company, you can contact them and ask them about their policies and the measures taken in case of a data breach.