Data breaches. The term itself can ring alarm bells in most organizations, and for good reason. A data breach usually means thousands spent on remedial measures, millions in regulatory fines and the invaluable loss of customers' trust and confidence. (Also read: Massive Data Breaches: The Truth You Might Not Know About.)
There have been numerous data breaches in modern times, forcing other organizations to undertake adequate data privacy and protection measures.
Here are the top 10 such breaches, and how to keep your organization from landing on a list like this:
There's really no other way to start a list of the biggest data breaches ever than with the 2013 Yahoo breach, which affected almost three billion users.
The breach's impact was a rapid $350 million reduction in Yahoo's market value -- while the company was in the middle of a Verizon acquisition. The cyberattack's perpetrators were never identified, but Yahoo issued a statement asserting it believed "state-sponsored actors" may have been responsible.
Almost all Yahoo users' real names, email addresses, dates of birth, telephone numbers, authentication questions and other sensitive information were leaked in what is still considered the biggest data breach of all time.
Nearly a billion records were compromised when the First American Financial Corporation faced a data breach that led to bank account numbers, mortgage and tax records, social security numbers, wire transfer receipts and bond transaction receipts being compromised.
What sets this breach apart from the rest on this list is that it wasn't a breach in the traditional sense of the word. Rather than hackers breaking into the databases, the First American Financial Corporation failed to implement a secure authentication protocol, which meant no one had to prove their identity to view the aforementioned documents. Once they had access to the documents, hackers used Advanced Persistent Bots (APBs) to collect, catalog and copy all the data they could reach.
This glaring error went unnoticed for years. The New York State Department of Financial Services (NYDFS) claimed the First American Financial Corporation did very little to ensure it had appropriate security measures to protect its critical data.
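The First American flaw described above, a document endpoint that never asks who is calling, reduced to code beside the check that should have been there. This is an added example, not code from the article or from First American's systems; the document store, session tokens, user names and audit log are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample store: closing documents belonging to two customers.
DOCUMENTS: Dict[int, Document] = {
    1001: Document(1001, "alice", "wire transfer receipt, acct ****4242"),
    1002: Document(1002, "alice", "mortgage record, loan ****7781"),
    1003: Document(1003, "bob", "tax record, SSN ***-**-1234"),
}

# Constructed sessions: bearer token -> authenticated user.
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}

# Every access decision is recorded; bulk collection by bots, as in the article,
# shows up here as a long run of denials for one caller.
AUDIT_LOG: List[str] = []


class AccessDenied(Exception):
    pass


def fetch_document_unchecked(doc_id: int) -> Document:
    """The pattern the article describes: the record ID is the only thing the
    server looks at, so anyone who knows a document's ID receives the document."""
    return DOCUMENTS[doc_id]


def fetch_document(token: Optional[str], doc_id: int) -> Document:
    """Hardened handler: authenticate the caller, then authorise against the owner."""
    user = SESSIONS.get(token) if token else None
    if user is None:
        AUDIT_LOG.append(f"DENY unauthenticated doc_id={doc_id}")
        raise AccessDenied("authentication required")
    doc = DOCUMENTS.get(doc_id)
    # Missing and foreign documents get the same answer, so the response does
    # not confirm whether a given ID exists.
    if doc is None or doc.owner != user:
        AUDIT_LOG.append(f"DENY user={user} doc_id={doc_id}")
        raise AccessDenied("document not found")
    AUDIT_LOG.append(f"ALLOW user={user} doc_id={doc_id}")
    return doc


def denial_count(user: str) -> int:
    """Detection hook: number of foreign-record requests a user has accumulated."""
    return sum(1 for line in AUDIT_LOG if line.startswith(f"DENY user={user} "))
```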
Marriott is not a typical digital service provider, which sets it apart from some of the other names on this list. However, the international hotel chain suffered a breach in 2018 that affected more than 500 million users.
The affected users' contact information, passport numbers, travel history, credit card information, social security details and Starwood Preferred Guest numbers were among the sensitive data that was breached.
Marriott faced a PR catastrophe, as it was slapped with a $24 million fine in the UK, hundreds of class action lawsuits and calls for its senior management to resign.
An internal audit found that Marriott's use of outdated encryption protocols to store and secure its databases was the primary cause of the breach. The audit concluded the breach was carried out using a Remote Access Trojan (RAT) and Mimikatz. (Also read: Encryption Just Isn't Enough: Critical Truths About Data Security.)
MySpace may not have been as popular as some of the other social networking sites in 2016, but it wasn't any less shocking when the company announced to its users that their old information may be available for sale online -- or, more accurately, that it had been up for sale online for at least three months.
Time Inc., which acquired MySpace, reported a data breach had left 360 million accounts compromised, with their usernames and passwords available to be used to access users' information on other sites. The hackers behind the data breach were thought to be responsible for similar data breaches at Tumblr and LinkedIn.
When Adult FriendFinder suffered a data breach, there was absolute pandemonium all around, owing to the nature of the data: information about users' casual hookups and other adult content was made public.
More than 400 users' names, email addresses, passwords, pictures and other personal details were leaked online and freely available on leaksource.com. The compromised databases held 20 years' worth of information, with the users' credentials also available online. The site's use of the SHA-1 hashing algorithm -- a weak choice by modern standards -- was the primary reason the database was so easily breached.
How a company the size of Twitter managed to commit such a gaffe will forever remain a mystery. In May 2018, the company sent an email to its 330 million users urging them to change their passwords, since some of those passwords had been stored on its internal computer system in readable text format.
Twitter reassured its users that the glitch had been identified before any data breach, so none of their information had been compromised. However, a 2010 Federal Trade Commission inquiry revealed that there had been at least two data breaches at Twitter where users' private data had been compromised due to lapses in Twitter's security protocols. (Also read: Uncovering Security Breaches.)
Compared to some others on this list, the Equifax data breach is fairly mild. However, the fact that the organization had to spend upwards of $700 million in remedial measures to help affected users made it a cautionary tale for other organizations.
Approximately 150 million users had their social security numbers, dates of birth, home addresses, driver's license numbers and credit card information stolen. The people responsible for the breach were never identified, even after lengthy congressional inquiries.
The inquiries did discover, however, that a vulnerability within the Equifax website had been exploited for months by those responsible for the breach. Other inadequate measures, such as the lack of database system segmentation, made the attacks even easier to carry out.
Facebook was already facing a public relations nightmare in 2019 over its less-than-adequate data protection practices when news of the 2019 breach broke. It was, and remains, the most significant breach in the company's history, affecting up to 540 million users globally. The perpetrators were never identified or caught, but the incident did reveal just how vulnerable Facebook's databases were.
How did it happen? Facebook had failed to adequately protect its global databases with the appropriate levels of encryption, and these databases were easily searchable online as a result. Users' phone numbers, genders and geolocation in the United Kingdom, United States and Vietnam databases were particularly vulnerable. This is precisely why it proved impossible to identify the perpetrators, since the databases were literally available via a simple Google search with no appropriate security measures to protect them.
The eBay breach came a few months after the Yahoo breach, with similar cases of compromised user data. While the 145 affected users (by some estimates) come nowhere near Yahoo's numbers, the impact was not any less severe. Internal investigations revealed three of eBay's employees had been socially engineered, and their compromised credentials were used to gain access to the main eBay database. (Also read: Insider Threat Awareness: Avoiding Internal Security Breaches.)
The company informed all affected users and advised them to change their passwords, since attackers had accessed encrypted passwords as well. This led to New York's Attorney General calling on eBay to provide free credit monitoring services to users, which the company refused, citing a lack of financial fraud.
SolarWinds is one of the most recent major data breaches, and what makes it so notorious is that there still isn't a reliable count of how many records may have been compromised. However, more than 18,000 organizations and government agencies globally are said to have been affected. The United States Attorney General at the time stated that the attack may have been Russian-backed.
The attackers got insider access to SolarWinds update packages and placed malware into the next scheduled update. Because those updates carried the expected digital signatures, every network that accepted them was compromised. The hidden malware spread throughout the entire SolarWinds supply chain, with at least 50 United States government agencies facing a "grave impact" once the attackers had gained a foothold within their networks.
The aforementioned list should be reason enough for most organizations to consider a robust data protection and governance framework that can minimize the chance of a data breach occurring.
Here are five steps most organizations can undertake to do so:
By far, the most fundamental measure an organization can take to minimize the risk of a data breach is to limit the number of people who have access to the data in the first place -- which is known as access governance. There's no shortage of effective solutions that can help organizations address this issue.
For example, Securiti's access intelligence via its Unified Data Controls allows organizations to identify which employees need access to what data and grant it to them on a strictly "needs-based" basis, while also keeping detailed records to help with future assessments if necessary.
This may seem rather obvious, but many organizations make the mistake of not appropriately training their employees about just how easily hackers may gain access to the company's databases by exploiting careless employee behavior online.
Regular workshops and training can educate your team on best practices to ensure they follow adequate security protocols online. This could also include anti-phishing training on adequately securing their footprint online via cybersecurity tools such as anti-virus software, VPNs or proxies like IPRoyal and Avast. (Also read: VPNs vs Proxies: What's Best for Business.)
Yet another example of a relatively minor mistake that can lead to significant damage: far too often, hackers exploit known flaws in software.
If an organization does not update its software regularly, a flaw that already has a fix remains present for that entire period and can be exploited all the more easily.
Often, organizations are too rattled and disorganized if they do find themselves victims of a data breach. It's worth mentioning that, if proper measures are taken in the immediate aftermath of a data breach, the impact of the breach can be drastically reduced.
You should have protocols in place that can give real-time insights into exactly what data was compromised, how the damage can be limited and the remedial measures most necessary.
Last, but probably the most important, is to know precisely how to leverage encryption to your benefit. Organizations that have an old-fashioned approach to encryption fail to maximize the security encryption has to offer.
With lattice-based encryption and quantum computing now gathering steam, organizations can afford to ensure the best possible protection for all their data. Doing so guarantees that, if all else fails, your data is so well-protected that hackers gain nothing by breaking into the company's internal database.
Data breaches can happen to anyone -- even the largest, most well-established organizations. And often, they're the result of simple, easily solvable data management mistakes. By implementing proper data breach prevention practices beforehand, you can drastically reduce the likelihood of your organization suffering a data breach and recover more efficiently in the worst-case scenario. (Also read: What Is an Air Gap Backup and Why Do You Need One?)
Here is the original post:
10 Biggest Data Breaches Ever - And How to Prevent Them - Techopedia