Data Breach Roundup: The Biggest Hacks on Record, Recent Attacks and Impacts

HodlX Guest Post Submit Your Post

Cybercriminals have introduced a new threat to the security of both businesses and consumers. Their ability to access sensitive data allows them to use information for many sinister deeds. Perhaps because it is something we have heard about in the news on a regular basis, many of us have become less threatened by the idea of cybercrimes. As well, with stricter regulations in place to protect your information, you might feel that having your identity stolen, or your credit information used, poses less of a threat then it once did. However, although companies are now required to let consumers know their systems have been breached and often pay some hefty fines when a breach occurs, it doesn’t necessarily mean you are completely protected. Once there is a breach, your credit information and other vital data can been stolen. That means recent attacks can have an impact on you.

How Does a Data Breach Occur?

Simply put, a data breach is the infiltration of a data source with the intent to access and extract sensitive information. Cybercriminals will use their talents to access a computer or an entire network in order to steal files remotely. There is no need for Mission Impossible tactics where the criminals have to break into a facility and dodge security lasers to reach their target. Instead, everything is done remotely, making it difficult to locate them and impossible to restore the stolen information. Once it’s taken, it can be used by the infiltrators.

Data breaches take a lot of work and smarts beginning with research to find weaknesses in the system and its security. Once they find a way in, they will contact the network or undertake a social attack which uses employees to access the network. This can be done using spam in which an employee is sent an email which requires login information. It can also be done using malicious attachments. Once in the system, the network can be attacked, and the data can be extracted.

The Biggest Breaches on Record

The fact that breaches have occurred on a massive scale in the past decade shows that although it is a crime for criminals with geeky tendencies, the information accessed is on an astronomical scale. Here are a few examples of the biggest breaches we have seen in a little over a decade:

In August 2013, three billion records were stolen from Yahoo. This was not only the largest breach on record, but also a wakeup call to people who had Yahoo accounts. It is believed this was a state-funded crime with the two leading suspected nations being China and Russia. However, there is much debate and speculation that naming suspects was Yahoo’s attempt to avoid embarrassment that they were hacked so easily.

In July 2017, 145.5 million records were stolen from Equifax providing the names, social security numbers, birth dates, and addresses of what adds up to close to half of the US population. There were 23 other countries affected including close to half a million people in the UK.

In December 2013, 110 million records were stolen from Target with the cybercriminals not only infecting the company’s point-of-sale machines but also reaching close to 40 million debit and credit cards, complete with names, banking info and PINs. TJX was also breached in December 2006 when 94 million records were stolen.

In July 2014, credit service provider JPMorgan Chase had 76 million household records and 7 million small business records stolen including names, addresses, phone numbers, email addresses, and more, while 57 million records were stolen from Uber in November 2017.

Federal Agencies and Military

Targets for data breaches range greatly and can include federal agencies around the world. In July 2018 a breach shut down the Hong Kong Department of Health’s system for two weeks as part of a ransomware attack. Cybercriminals attacked another medical service provider, Anthem, in May 2015, breaching access to over 80 million names, birth dates, social IDs, email addresses, and employment information.

In May 2017, a military contractor for the UK had sensitive data accessed, while over 18 million federal employee records were breached at the US Office of Personnel Management in April 2015 including social security numbers and training details.

Educational Institutions

In March 2014 the records of over 300,000 students, faculty, and staff members at the University of Maryland were compromised including birth dates, university ID numbers, and social security numbers. The University of Greenwich was also attacked in the UK in 2004. In this case the institution was found responsible for exposing the data and fined ?120,000.

The infographic below shows a timeline of the most sophisticated cyber attacks in recent history. It also identifies what type of data cybercriminals are targeting most, and how businesses can protect themselves in the future.

The Data Stolen

As you can see, there are many different types of data stolen, in most cases providing information required to access funds. This can include duplicating credit cards or using your personal information to commit fraud. Other cyber related crimes can even include blackmail, which was believed to be the incentive when hackers breached the “cheaters” social media site, Ashley Madison, in 2015. Identity theft is also common, and sometimes data is sold or dumped on the Deep Web.

Common stolen data includes:

Member name
Date of birth
Social insurance number
Member identification number
Email address
Mailing and/or physical address
Telephone number
Banking account number
Clinical information
Claims information

What to Do If Your Data Is Breached

Cybercriminals tend to target large companies as they prefer to steal info in bulk. However, should you hear of a breach with a company you have dealt with in the past, you can take the following steps to make sure your data is secure:

Contact your bank to change your PIN codes and look for anything suspicious on your bank records or credit card use.

Be diligent when opening emails especially from financial institutions or accounts with retailers and online shopping sites. Once cybercriminals have your email address, they can use it to try to get more info such as PINs for banking or credit cards.

Never click links, or open or download files from unknown sources.

Contact the breached company to see if they can enroll you in a fraud victim assistance program.

Data breaches pose a very really threat and to avoid being compromised you should always make sure you use a different user name and password for accounts, and avoid using words. Instead choose a mix of letters, numbers and characters to make it harder to take advantage of any stolen data.