Data hacks, also known as a data breach, are becoming increasingly common and more severe. Some of the world’s biggest companies have fallen victim to hacks in recent years. Many thousands of smaller businesses are hacked every day.
Hackers are becoming more sophisticated and keeping up with changes in technology and security, meaning no business is immune from hacking.
With GDPR fast approaching, it’s more important than ever that companies protect and secure the data they hold. From May 2018, any company who suffers a data breach can be hit with a substantial fine.
Some data breaches have attracted global media attention, with the number of people affected reaching into millions. In this blog, we look at some of the biggest data breaches in recent years, the impact they had on the company involved and how they happened…
When: August 2013 and September 2014 (revealed 2016)
Users affected: 3 billion
Top of our list are the Yahoo data breaches of 2013 and 2014, which together affected all 3 billion user accounts. The breach was revealed three years later in 2016. It is the largest data hack in history.
According to a Yahoo statement, an “unauthorised party” used forged cookies which allowed hackers to access user accounts without a password. Information stolen included names, dates of birth, email addresses and hashed passwords. Yahoo advised that the hackers did not access bank details or credit card information.
Yahoo’s valuation was damaged following news of the data breach at a time when the company was being bought by US telecoms giant Verizon. The purchase did eventually go ahead, with Verizon buying the company for $4.48 billion; around $320 million less than the original $4.8 billion asking price.
When: May 2017
Users affected: 143 million
The US-based credit reference agency was hacked in May 2017 in a data breach that exposed the social security numbers of more than 140 million Americans. It’s estimated that 700,000 Britons were also affected, with stolen data including phone numbers, driving licence numbers and email addresses. An Equifax spokesperson said those people affected were at possible risk of criminal activity. In the wake of the breach, the company’s chairman and CEO resigned.
This hack wasn’t the first time a credit monitoring company had been targeted. Another of the company’s websites was attacked in May 2016, with the personal data of around 430,000 customers stolen.
When: October 2016
Users affected: 57 million (customers and drivers)
In October 2016 hackers obtained the data of 57 million Uber customers and drivers. The global taxi phenomenon concealed the breach for more than 12 months, paying hackers $100,000 to delete the data.
The names, email addresses and phone numbers of millions of customers were accessed. The hackers also obtained the licence numbers of around 600,000 drivers in the US.
In the aftermath of the scandal, the cab-sharing firm’s Chief Security Officer left the business. The CEO promised the company would “learn from our mistakes”, saying “none of this should have happened.”
When: March 2014
Users affected: 145 million
eBay’s 2014 data hack affected 145 million customers. Unidentified hackers stole names, email addresses and other personal data in what the UK’s Information Commissioner called a “very serious” breach. eBay did confirm that credit card information stored in its PayPal subsidiary was not accessed.
eBay shares fell in value following the hack, and users of the online marketplace were urged to change their passwords.
When: July 2015
Users affected: 37 million
“Life is short. Have an affair” declared infidelity website Ashley Madison before its July 2015 hack by a group calling themselves the ‘Impact Team’. The data breach made headline news around the world, with the sensitive data of around 37 million users accessed and made public.
The nature of the website and the fallout which followed for some marriages meant that parent company Ruby Corp. had to pay out $11.2 million dollars to hack victims.
If you would like more information on GDPR and how to protect your company from a data breach, come along to one of Core’s GDPR seminars. Core also offers GDPR assessments for businesses wanting to identify key issues for compliancy in their company. If you would like more details on our assessment, contact us here.