Reading Time: 3 minutes

We learnt about various corporate crisis and how to manage them in this article. Now, we shall talk about Data Breaches.

These events happen regularly. It is difficult to keep a count of majority of the breaches. But a huge breach is noticed globally. It has the power to change regulations create a sensation and certain awareness amongst the masses. We tried to compile a list of a few significant data breaches of the 21st century
This data is based on the threat or risk which the attacks posed to the entity and the effect it had on the relevant stakeholders.

Data Breach

1. Yahoo Data Breach

Year: 2013-2014
Breach Impact : 1.5 Bn user accounts
Yahoo announced the news of data breach while it was in talks with Verizon in Sept’ 2016 and claimed it was initiated by “a state-sponsored actor”.
The data breach managed to compromise names, email IDs and other personal information of around 500 Mn users. They claimed that the PII was hashed using the bcrypt algorithm.
Later on, the world found out that around 1 Bn more records were compromised which now included security questions and answers. Yahoo suffered an estimated loss of $350 Mn from its sale price.
Its internet business could garner $4.48 Bn from Verizon.

2. Adult Friend Finder

Year: 2016
Breach Impact: Around 412.2 Mn user accounts
The famous FriendFinder Network reported a data breach during October 2016. The attackers were able to collect data from last 20 years which had PII like names, email IDs and passwords. The vulnerability was the weak SHA-1 hashing algorithm .
AFF Vice President Diana Ballou mentioned in a statement, “We did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

3. eBay

Year: 2014
Breach Impact: 145 Mn users accounts
eBay reported a breach in May 2014. The attacker gained PII and passwords its 145 Mn users. The attackers used the credentials of 3 insider employees and were able to ue it for 229 days!
The said attacked resulted in decline in customer activity, but had less impact on the profits.

4. Target Stores

Year : 2013
Breach Impact: 110 Mn users.
A few weeks after Thanksgiving, the company discovered the breach.The supermarket giant thought that the attacked got access through the 3rd party vendor to its POS payment readers.
By 2014, the company realized that there was a breach of PIIs of 70 Mn customers. In the final estimate it declared a data breach of 110 Mn users.
The CIO of Target CIO resigned in 2014 followed by the CEO. The company estimated the cost of the breach to be $162 Mn.

 

Data-Breach

5. JP Morgan Chase

Year: 2014
Breach Impact: 76 Mn households and 7 Mn small companies
The global bank suffered a data breach in 2014. It compromised the information of more than half of all US houses and 7 Mn small companies registered with the bank. The data PII as well as internal information of the users, according to a filing with the Securities and Exchange Commission.

According to the bank, no money was stolen. Yet, the attackers did gain were able to take certain actions like transferring funds and closing of user accounts. As per the SANS Institute website, the bank expends $250 Mn on security per year.

VComply

6. RSA Security

Year: 2011
Breach Impact: Approximately 40 Mn users
The breach which managed to steal information of the SecurID authentication tokens of RSA is still debatable. It is said that 2 difference hackers had to work collaborate with a foreign government. Then, they executed numerous phishing attacks against the company’s employees to penetrate in the secure network. The cost of remediation was $66 Mn. The company is a quintessential security vendor and thus, an attack on them was a shock to all.

7. Adobe

Year: 2013
Breach Impact: 38 Mn users
Security blogger, Brian Krebs, originally reported this attack earlier. After a few weeks, they realized the seriousness of the damage . Originally, company believed that the exposed 3 Mn credit card data along with the login IDs for an numerous accounts.
Later, the word was that the attack was on 38 Mn “active users.”

According to Krebs it was 150 Mn users and password pairs. The company paid $1.1 Mn as legal fees according to the agreements.

To know more about various other security breaches, click here

Previous                                                                                        Next

FavoriteLoadingAdd to favorites