Tuesday, November 3, 2015

The 5 most frightening data breaches



Ashley Madison (2015)

All data breaches are scary, but some just have that extra scream factor.

In arguably the most embarrassing data breach of the bunch, a group calling itself "The Impact Team" stole 37 million records from adultery website Ashley Madison, including many records that customers had paid to have deleted.

Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.


LivingSocial (2013)

Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.



Sony PlayStation Network (2011)

Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.

Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.

The attack took Sony’s PSN out of service for 23 days.



Internal Revenue Service (2015)

Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.

Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.

The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.



Target (2013)

Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.

The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.

Other cases:

Anthem (2015)

Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.


The rare piece of good news: Financial and medical records were not affected.

Adobe (2013)

Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.


Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.

eBay (2014)

Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.


Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.

Home Depot (2014)

In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.


The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.

JP Morgan Chase (2014)

The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.


A group of Russian hackers is believed to be responsible for the attack.

PNI Digital Media (2015)

PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.


Given that the company boasted more than 18 million transactions in 2014, it's likely that this breach affected tens of millions of Americans.

Heartland (2008)

Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.


The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.




No comments:

Post a Comment