Data breaches have become a daily occurrence, so much so that the majority are never even reported in the media. The question you’re probably asking yourself is what constitutes a news worthy data breach?
The list below outlines the top 5 data breaches of the 21st century:
Impact: 3 billion users
The details: Back in September 2016, whilst in acquisition talks with Verizon the once powerhouse of email and search announced that in 2014 it had been subject to the largest data breach ever. Yahoo stated that 500 million user email addresses, passwords, phone numbers, real names and dates of of birth were compromised in the attack.
During the final sale of its core internet business to Verizon in 2017, Yahoo admitted they had actually been the target of several different large scale data breaches bringing the new number of compromised accounts to a staggering 3 billion.
This information reportedly made Verizon decrease their sale offer to Yahoo by $350 million. The final sale agreement between the two companies was $4.48 billion.
Date: May 2014
Impact: 145 millions users
The details: Prior to the 2014 attack Ebay had come under fire for poor implementation of it’s password-renewal process. In May 2014 Ebay admitted that 145 million of their user accounts had been exposed when hackers managed to infiltrate their company network.
Ebay assured the public that no financial information had been compromised and asked that all users change their passwords.
Despite the huge hit to the company’s user security reputation, Ebay’s CEO, John Donahue reported that there had only been a slight decline in user activity and “their bottomline had not been affected.”
Date: July 2017
Impact: 143 million users and 209,000 consumer credit card details
The details: In September 2017, Equifax, one of the United States biggest credit bureaus confirmed that an application vulnerability on one of their external facing websites had lead to a data breach.
There was minimal information released about the breach, only that some 143 million accounts had been compromised to a high degree and that 209,000 consumer payment details had been accessed.
Impact: 110 million Consumers
Date: December 2013
The details: In December of 2013 Target announced that it had suffered a severe attack on its consumer databases. An estimated 110 million comsumer accounts were exposed with approximately 40 million of those having their payment information stolen when hackers gained access to a third party point of sale payment provider.
The CIO and CEO resigned shortly after the attack with company suffering an estimated loss of $162 million.
Date: Late 2016
Impact: 57 million Uber users and 600,000 drivers
The details: The scale of Uber’s breach is not what warrants its place on this list, rather the way the company chose to handle the situation. This is a lesson in what not to do if you suffer a data breach.
In late 2016 hackers managed to compromise the personal information of 57 app users. They also managed to obtain the driving license details of approximately 600,00 Uber drivers.
This is where the trouble starts. Uber decidied not to confirm the attack until almost a year later and on top of that revealed they had paid a $100,000 “bug bounty” to the hackers to destroy the sensitive information without any way of confirming they actually did. The blame fell largely on the CSO who was fired shortly after.
The breach impacted Uber’s reputation heavily with its company valuation dropping from $68 billion to $48 billion during sale negotiations in 2017.