Last updated: April 23, 2018
8 Worst Security Breaches: Is Your Data Safe?
The information age is made possible by the lightening-fast exchange of data, making that data today’s all-important currency. As precious as our personal and private data is today, it must be kept safe.
How Safe Is Your Data?
Individuals can take action to safeguard our usernames, passwords, and personal information. But when every precaution is taken, is your information guaranteed to be kept out of the wrong hands?
Who gets access to the data on your credit card’s magnetic strip when it’s swiped through that card reader? Who’s able to see the username and password you use on your favorite shopping sites?
Ever since sensitive personal information has been stored on computers, there have been hackers who have done their best to break into these systems and access that information to sell it to the highest bidder.
How Cyber-Thieves Steal Information
By hacking into computer systems and wireless networks, computer-savvy thieves can install malware to capture information like credit card numbers, usernames, and passwords at the press of a button. In some of the top security breaches in history, millions of credit card numbers have been captured by a single hacker. In 2012 alone, according to a study by McAfee, more than 25% of Americans were victims of a data security breach.
In the case of some government security breaches, the person who leaked the data didn’t have to hack into a single computer, but was handed those secrets in the course of their jobs, only to turn it over to the public, sometimes putting lives at risk.
What’s worse, some of these hacked organizations delayed informing their customers, instead choosing to place priority on preserving their own reputation. Those delays put their customers at even more risk, leaving them unable to take measures to protect their information and recover their privacy.
You Can Keep Yourself Safe
There are precautions you can take to keep your sensitive data safe, like creating strong passwords and choosing carefully who you give your information to. But once your data’s out in the cloud, there are no guarantees. The eight worst security breaches below show that no system is 100% safe.
The 8 Biggest Security Breaches in History
Proving that data – the currency of our age – is as insecure as it is precious.
The TJX Retail Hack
- 94 million credit cards compromised
- $171.5 million loss incurred by TJX companies
- Targets: TJ Maxx, Marshalls
- Years of hack: 2005-2006
- Hacker: Albert Gonzalez and accomplices (Stephen Watt and others)
- What happened: The gang hacked wireless networks of TJX and installed malware to siphon off magstripe data of credit cards.
- Outcome: Card data was sold to eastern European criminals, who forged credit cards.
The Adobe Hack
- 3 million encrypted credit card numbers stolen
- 38*-150 million Adobe user accounts compromised (*official Adobe figure)
- Year of Hack: 2013
- Target: Adobe
- Perpetrator: Unknown
- What happened: Huge numbers of Adobe client logins were stolen along with the source code for Photoshop and other Adobe products.
- Outcome: Security firms claimed hackers had snagged data allowing them to “easily guess” passwords of 108-150 million users.
The Heartland Payment Systems Hack
- 130 million customer accounts compromised
- $110 million paid in compensation by Heartland
- Targets: Heartland Payments, Hannaford Payments
- Year of Hack: 2008
- Perpetrators: Alberto Gonzalez and two unnamed Russian hackers
- What happened: Hackers installed malware on the payment companies’ network to obtain card details as payments were processed.
- Outcome: The hackers were indicted in 2009. Gonzalez is serving a sentence of 20 years.
The eBay Account Hack
- 145 million potential eBay users’ login data stolen
- 3 months – Time taken for eBay to report the hack to customers after discovering it.
- Year of breach: 2014
- Target: eBay
- Perpetrator: Unknown
- What happened: Hacking employee accounts, fraudsters obtained a colossal number of encrypted passwords and other user data stored by eBay.
- Outcome: No financial data was stolen, but eBay urged all its clients to change their passwords. eBay is under investigation by at least 4 states (Florida, Connecticut, Illinois and California) and the UK’s ICC, into the magnitude of the breach and eBay’s actions.
The Great Corporate Hack
- Over $300 million of damage caused to target companies
- 160 million credit card numbers stolen
- Targets: Nasdaq, Citigroup, Carrefour SA, 7-Eleven, PNC Financial Services, JC, Penney
- Years of breach: 2005-2012
- Perpetrators: Vladimir Drinkman, Alexandr Kalinin, Roman Kotov, Mikhail Rytikov, Dmitriy Smilianets
- What happened: Russian and Ukrainian hackers breached systems in 4 US states, plus the Netherlands, Panama, Germany, Ukraine, Bahamas and Latvia.
- Outcome: Credit card numbers were stolen and peddled to criminal networks. 5 of the alleged hackers were indicted in July 2013 in the US.
The Mt. Gox Bitcoin Hack
- 850,000 BTC reportedly stolen from Mt. Gox
- $480 million worth of bitcoins stolen at the time of Mt. Gox bankruptcy
- Target: Mt. Gox online bitcoin exchange
- Years of Hack: 2013-2014
- Perpetrator: Unknown
- What happened: Hackers exploited a weakness in the system to siphon off immense sums of bitcoin from the exchange’s cold storage.
- Outcome: Mt Gox filed for bankruptcy in February 2014 after the loss, and began liquidation in April.
The NSA-GCHQ Leaks
- 50,000-200,000 top secret NSA-GCHQ documents estimated leaked
- 1.7 million intelligence files alleged to have been stolen, a figure refuted by Snowden
- Year of Leak: 2013
- Targets: National Security Agency, Government Communications Head Quarters
- Perpetrator: Edward Snowden
- What happened: Snowden, an NSA security contractor, leaked top secret data revealing ubiquitous online surveillance by the NSA and the GCHQ.
- Outcome: The ensuing journalistic investigation proved US and UK intelligence agencies were operating with impunity – causing public outrage.
The WikiLeaks Cables
- 700,000 confidential US government documents leaked to WikiLeaks
- $200,000+ cost to the Pentagon of assessing damage
- Year of Leak: 2010
- Targets: US military, Dept. of State
- Perpetrator: Chelsea Manning (formerly Bradley Manning)
- What happened: Former serviceman Manning leaked US military data and diplomatic cables to WikiLeaks. Outcome: Manning, a national hero for many, was sentenced to 35 years in a military prison in 2013 for what was dubbed the greatest data leak in US history.
The biggest challenge to data security is not external, but the enemy within. While most are criminal, the most sensitive data breaches were perpetrated by Snowden and Manning – acting in accordance with their conscience and, so they hoped, in the public interest.
Whatever your stance on their actions, one thing remains clear – NO system is impregnable.
- Edward Snowden: Leaks That Exposed US Spy Programme – bbc.co.uk
- 5 Hackers Charged in Largest Data-breach Scheme in US – bloomberg.com
- Pentagon Says Snowden Took Most U.S. Secrets Ever: Rogers – bloomberg.com
- Collateral Murder – collateralmurder.com
- A History of Bitcoin Hacks – theguardian.com
- Edward Snowden: ‘The US Government Will Say I Aided Our Enemies’ – theguardian.com
- Defense Intelligence Agency Assessment of Damage Done by Edward Snowden Leaks – theguardian.com
- The US Embassy Cables – theguardian.com
- Consumer Advice Following eBay ‘Hack’ – ico.org.uk
- Adobe Breach Impacted at Least 38 Million Users – krebsonsecurity.com
- Adobe to Announce Source Code, Customer Data Breach – krebsonsecurity.com
- 1.5 Million Card Numbers at Risk from Hack – money.cnn.com
- 5 of the Biggest-ever Credit Card Hacks – money.cnn.com
- Mt. Gox Allegedly Hacked: “This Could Be the End of Bitcoin” – motherboard.vice.com
- Ebay Hack, 2nd Largest in US History, Leaves Questions Unanswered – my.chicagotribune.com
- Heartland Payment Systems Hacked – nbcnews.com
- Feds Charge International Hackers with Stealing 160 Million Credit and Debit Card Numbers in Massive Scheme – nj.com
- Ebay Asks 145 million Users to Change Passwords after Cyber Attack – reuters.com