Businesses and government entities of all sizes and types are at risk for data breaches. Hackers and other criminals constantly seek out the weaknesses and flaws within the business’ or agency’s structure.
The results can be profound. Not only could the sensitive information of thousands — or even millions — of people be at risk, but trust can be eroded. Additionally, the financial fallout can be felt for years afterward.
The Decade’s Worst Data Breaches Exposed
The past decade is replete with data breaches that put the personal information — including social security numbers, addresses and birth dates — into the hands of those with nefarious intentions.
1. Sony Pictures
In late 2014, a hacker group with ties to North Korea leaked confidential data about Sony Pictures. Some of the information made public included personal information about both the company’s employees and their families, as well as future Sony films plans, executive salaries, copies of unreleased films and more.
The “Guardians of Peace” group claimed responsibility and demanded that Sony Pictures canned its upcoming movie, The Interview. The group was upset regarding the film’s plot which centered on the assassination of Kim Jong-un, the country’s leader.
Once the hackers leaked the confidential data, it also unleashed malware on the company. The result was the erasure of Sony Pictures computer infrastructure.
2. eBay
Also in 2014, the massive online auction retailer, eBay, suffered a significant breath in its cybersecurity systems. About 145 million customers had sensitive data — such as their passwords, addresses, names, phone numbers and more — accessed by cyber criminals. Although eBay released information about the breach in May 2014, the thieves retrieved users’ confidential data a few months before that.
3. Yahoo
Yahoo made dubious headlines when the details of a data leak within the company came to light in September 2017. Unfortunately for the three billion accounts that were affected, the compromise actually occurred in 2013.
Not only that, but Yahoo’s approach to cybersecurity was severely lacking. The company used encryption methods that were both easy to breach and outdated.
4. Target
As shoppers flocked to its stores to take advantage of 2013 holiday sales, hackers targeted Target’s data. About 40 million debit and credit card numbers were compromised.
Other information was stolen as well. Data such as credit and debit card expiration dates and card security codes (CSCs,) along with customers’ names, could easily be exploited by cyber thieves. In 2015, the company announced it would pay its affected customers $10 million.
5. JPMorgan Chase
JPMorgan Chase, as the United States’ biggest bank, houses the sensitive financial information at a scale unlike mere retailers. Unfortunately, seven million small businesses and 76 million households saw their data compromised in a breach that started in June 2014.
Identified in July 2014, the fallout meant that customers’ information like their phone numbers, addresses and emails had been accessed by hackers operating from an overseas location.
6. The United States Government’s Office of Personnel Management
The Office of Personnel Management (OPM) experienced a breach affecting roughly 4 million federal employees. Both former and current workers were affected by the intrusion which was spearheaded by the Chinese government in 2015. Even more disturbing is the fact that the hackers were also successful at doing the same thing within the agency less than one year prior.
7. Anthem
As the nation’s second-largest health insurance provider — behind only UnitedHealth Group — Anthem stockpiled millions of records containing sensitive data. In February 2015, about 79 million of these stored in Anthem’s database were breached.
Data that was accessed included employment records, names, income information, Social Security numbers, birthdays and more. During the summer of 2017, the company stated they would settle lawsuits over the data breach for $115 million — the largest such settlement at that time.
8. Myspace
While not really a household name any more, at one point in time, Myspace was more popular than Facebook. Even though the social networking site had long peaked by 2016, there was still cause for concern when it announced a data breach in May of that year.
Passwords, user names and email addresses were among the confidential information contained within approximately 360 million accounts. While many people no longer post anything to their Myspace account, they might still be using the same password they created back then for other websites.
9. Capital One
Overnight, even people who had only applied for a Capital One credit card found that their personal information could have been breached. The financial company announced the intrusion in late July 2019.
The stolen personal data of a total of 106 million people — 100 million in the United States and another 6 million in Canada — was compromised. This included sensitive information like phone numbers, self-reported income, names, phone numbers, addresses and more.
One bright spot in this incident: Capital One announced that less than one percent of Social Security numbers were accessed by the hackers. The financial giant stated they would offer free identity protection and credit monitoring to those affected.
10. Equifax
As one of the big three credit reporting agencies, Equifax has the confidential data of hundreds of millions of consumers in the United States stored in the company’s databases. Unfortunately for nearly half of the country’s population, the company announced a data compromise in September 2017.
For a three-month period spanning May through July 2017, nearly 146 million customers had their data like date of births and Social Security numbers hacked. Additionally, the thieves also stole the credit card numbers of over 200,000 people.
Equifax was slow to announce the issue with the company taking over a month to do so. In addition to providing free credit monitoring to those affected, Equifax also stated it had inked a consumer settlement worth $675 million or more as a result of the fiasco.
11. Home Depot
Self-checkout is a convenient and quick way for consumers to complete their purchases. For those people who visited Home Depot stores in 2014 from April through September might have gotten more than they bargain for though.
It was during that time that the largest home improvement store in the United States experienced a data breach. More than 50 million customers were affected when they used their payment cards while engaging in the stores’ self-checkout lanes.
12. Facebook
Two datasets originating from Facebook apps and containing the private information of some 530 users of the social media giant were compromised according to an announcement in April 2019. Account names, Facebook IDs and phone numbers were exposed during the breach.
To make things even worse, the information gleaned from the hack was freely posted on the dark web. In April 2021, this revelation spawned the fear that the masterminds behind the nefarious behavior could be intent on exacting real harm to those exposed.
13. LinkedIn
In 2012, LinkedIn revealed that 6.5 million passwords has been swiped by cyber attackers. Afterward, the data was freely posted on a hacker forum originated from Russia.
By 2016, it was announced that the hacking incident involving LinkedIn was masterminded by the same hackers who was found selling data gleaned from the Myspace.data breach.
14. Adobe
Software giant, Adobe, isn’t immune from the clutches of cyber criminals. It was in October 2013 when the company announced that three million credit card records had been compromised.
Just a few days later, Adobe revised its information. The company noted that over 150 million hashed password pairs and usernames were also taken during the attack. Other information that was exposed included credit and debit card data, customer names and password information.
Adobe agreed to pay legal fees of $1.1 million as well as about one million dollars to users involved in the breach.
15. Heartland Payment Systems
Although Heartland Payment Systems isn’t a household name like the other companies featured on this list, it’s a solid bet that most people who have shopped in the United States have had their credit and debit card transactions
In fact, the credit card processing company handles about 100 credit and debit card transactions every month for about 175,000 merchants. Hackers were able to access the company’s computer system and take possession of private information.
Cyber criminals have a lengthy history with exposing vulnerable data. Getting to know the resources available that address these incidents can go a long way toward protecting confidential information and keeping it out of the hands of hackers.