The number of data breaches reported or registered worldwide has increased and are more likely to occur since huge amounts of data is being produced, gathered and stored minute by minute. According to this website reports about breaches go back starting 2004. Here are only a few of the most famous data breaches.
Uber – the company concealed a hack that affected 57 million customers and drivers in 2016. The hackers found 57 million names, email addresses and mobile phone numbers. The company’s former chief executive Travis Kalanick knew about the breach over a year ago and paid hackers $100,000 (£75,000) to delete the data. This is not the first fail for Uber… In January 2017 it was fined $20,000 for failing to disclose a considerably less serious breach in 2014.
Yahoo – in 2017 Yahoo has revealed that 32 million is the number of user accounts accessed in the past two years by hackers who used forged cookies to log in without a password. The company said that the cookie caper is likely connected to the “same state-sponsored actor” thought to be behind a separate, 2014 breach that resulted in the theft of user information from 500 million user accounts. Yahoo revealed the cookie caper in December, but the news was largely overlooked because the company announced at the same time that it had identified yet another security breach, which took place in 2013. In that breach, hackers stole information on 1 billion Yahoo accounts.
Equifax – 143 million American consumer’s sensitive personal information was exposed in a data breach at Equifax, one of the America’s three major credit reporting agencies. According to Equifax. the breach lasted from mid-May through July 2017. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.
eBay – following a cyber-attack that compromised encrypted passwords and other personal information eBay urged its 145 million customers to change their passwords in 2014. The attack originated after a small number of employee log-in credentials were compromised, which enabled cyber-attackers to gain access to eBay’s corporate network. Compromised information included encrypted passwords, customer names, e-mail addresses, mailing addresses, phone numbers and dates of birth, eBay says. The database that was exposed in the breach did not contain financial information, according to the company.
LinkedIn – in 2016 the professional social network company acknowledged that a massive batch of login credentials is being sold on the black market by hackers. LinkedIn was hacked four years ago, and what initially seemed to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords.
These are only a few examples of Data Breaches occurred in the recent years. Data leak methods vary from accidentally published, hacked, poor security to inside job and lost/stolen devices. If interested you can find out more here.
Starting 25 May 2018 failing to notify their EU customers such data breaches might cost companies up to 10.000.000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher (article 83.4 GDPR). Information is beautiful indeed.