Despite having sophisticated cyber security machinery in place, corporate giants have been breached n number of times. Cybercriminals appear to be in stealing spree, sparing none, from giant retailers to banks, no target is unachievable for them. Cyber-crime tools and malicious software are spawning and getting cheaper. It discernibly indicates that black hat hacking and security breaches is unlikely to end in near future. Although there have been huge number of data breaches in recent years, yet some of them stand apart from the rest, in terms of their financial and societal impact they had on the affected firms and their customers.
Here is the list of 10 biggest Cyber Security Breaches of all time:
In 2013, 3 billion Yahoo user accounts had been hacked. In December 2016, Yahoo announced that user name, address, date of birth and telephone number of all Yahoo users had been compromised. The breach knocked off Yahoo’s sale price by $350 million. The investigative authorities of US government later announced that two Russian intelligence officers and two hackers were responsible for this hack which is the biggest data breach in history. Original intention of this mass data infiltration was to hack the data of eminent personalities of both Russia and the United States.
2. Adult Friend Finder
In October 2016, hackers sneaked into the FriendFinder Network and all its adult websites to gain access to the data including names, passwords, email address of 412 million users.
A Russian hacker had intruded into the internal data of the popular social media site, MySpace, in 2016 and accessed the personal information of 360 million users. Attackers stole the usernames, passwords, and emails from the website. Even though most of the users are no longer using this old social media site, they are still at potential risk if they reused the same password or email id in other accounts.
In June 2012, Russian hackers stole the usernames and passwords of 165 million LinkedIn users and tried to sell them off on digital grey markets. After the hack, popular professional social networking website recommended it’s users to change their account information and use two-step verification to safeguard the data from further infiltration.
5. Visa, Inc.
Cybercriminals from Ukraine and Russia gained access to Visa Inc website and stole 160 million user’s credit card and debit card numbers, cardholder name, and expiration date. This cyber attack ended up costing Visa Inc $300 million over the period of seven years.
In October 2013, Adobe’s network was breached, and the hackers got access to 150 million customer’s IDs and passwords. Brad Arkin, Adobe’s chief security officer, declared that the attackers deleted 2.9 million Adobe customers personal data, including customer IDs, credit or debit card numbers, expiration dates, and other information relating to customer orders. Adobe also confirmed that the source code of several Adobe products was also stolen in a separate incident. Adobe recommended all the affected customers to change their user ID and password to avoid unauthorised access to their accounts.
In May 2014, the online auction giant, eBay disclosed a cyber attack on the name, address, date of birth, and password of its 145 million users. It was later discovered that the hackers broke into the company’s website using the credentials of its three employees and gained access to the company’s databases and were able to swipe the sensitive data of all users. The cybercriminal couldn’t tamper with the user’s payment information as they were encrypted and safely stored in a separate database. After the incident, eBay requested all its customers to change their user credentials to avoid any potential further data theft.
Equifax, one of the largest credit reporting agency in the US, had announced on September 2017, that a data breach had compromised the personal information of its 143 million consumers. Social security numbers, credit card numbers, birth dates, and driving license numbers were all stolen in this hack. Cyber criminal hacked one of their websites by misusing one of their sensitive open-source software and gained access to the user database.
9. Heartland Payment System
Heartland Payment System, a US-based credit card payment company, was hacked on May 2008 but it was discovered only in January 2009 when Visa and MasterCard alerted Heartland of suspicious payments from its accounts.
Albert Gonzalez, a Cuban American, was the alleged mastermind behind this historic financial theft. The attackers stole the credit and debit card details of 130 million customers. Heartland was sued fort breach of trust with the Payment Card Industry Data Security Standard (PCI DSS) and was not allowed to process the payments of Visa, Master Card, and American Express until the company paid $140 million to the major credit card providers as compensation for fraudulent transactions.
10. Target Stores
In November 2013, The retail giant, Target Store, reported that cybercriminals hacked the personal data of 110 million customers in self-checkout lanes by installing malicious software on its point-of-sale system to steal credit and debit card details and other important information. The malware gained access to the personal information including names, addresses, telephone numbers and email addresses of the 70 million customers and payment details of 40 million customers.