Reflecting on the last decade, we can learn a lot, especially about how the importance of cyber security keeps increasing. Cybercrime has continued to rise, and cyber criminals rely on a variety of tactics.
Looking back at the top 10 breaches of the last decade can help us prepare for a more cyber secure future.
2010-2011
Education Credit Management Company
- In March of 2010, a “portable media device” was stolen that contained the names, addresses, dates of birth, and Social Security numbers of 3.3 million students who have student loans in the US.
- The 3.3 million affected students make up 5% of all students who have loans in the US.
- “Simple, old-fashioned theft,” said an ECMC spokesperson.
2011-2012
Sony PlayStation Network
- 77 million people’s names, addresses, emails, birthdates, usernames, passwords, security questions and more were involved in the breach.
- The breach caused PlayStation Network to be inaccessible to users for a period of time.
- A senior technology consultant from the security firm Sophos said the breach was a “public relations disaster.”
2012-2013
LinkedIn
- 117 million users were affected by the breach.
- The breach involved 167 million accounts and 117 breached passwords, after LinkedIn originally reported only 6.5 million users affected.
- “We take the safety and security of our members’ accounts seriously. For several years we’ve offered protection tools such as dual factor authentication,” stated Cory Scott, LinkedIn’s Chief Information Security Officer.
2013-2014
Target
- 40 million customer debit and credit card accounts were breached.
- The breach originated from a small heating and air company that suffered its own breach after an employee clicked a malicious link. That breach let cyber criminals steal login credentials from the HVAC company, which they then used to remotely access Target’s network.
- There were “no controls limiting their access to any system including devices within the stores such as POS systems, registers, and servers,” cyber security analysts stated after performing a network assessment.
2014-2015
eBay
- 145 million users were affected.
- The breach originated from a much smaller breach in which a number of employees’ login credentials were stolen.
- “We want to make sure it doesn’t happen again, so we’re going to continue to look at our procedures, harden our operational environment and add levels of security where it’s appropriate,” said an eBay spokesperson.
2015-2016
US Voter Information
- 191 million voters had details of their registration exposed. The data included names, addresses, birthdates, party affiliations, phone numbers, and emails.
- The breach was caused by an incorrectly configured database, which left voters’ data sitting exposed on the internet.
2016-2017
Yahoo
- Yahoo holds the record for the largest amount of breached data.
- Over 1 million user accounts were impacted in the breach in 2016.
- “The account information may have included names, email addresses, telephone numbers, birthdates, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers,” Yahoo stated.
2017-2018
Equifax
- 147 million consumers had their names, social security numbers, birthdates, credit and debit card numbers, and driver’s license numbers exposed.
- Equifax was first made aware of the vulnerability from which the breach originated 6 months before the breach took place. However, Equifax neglected to apply the necessary patches.
- “This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York AOG Letitia James stated.
2018-2019
Facebook
- 50 million users were affected. The breach included users’ sensitive information, including locations, contact details, relationship status, recent searches, devices used to log in, and more.
- Accounts that were affected and were used to log into other apps with Facebook were compromised as well.
- “It definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face,” stated CEO Mark Zuckerberg.
2019-2020
Zoom
- The breach resulted in 500,000 compromised Zoom account passwords.
- The breach was facilitated by criminals accessing passwords and usernames that had been involved in previous data breaches.
- “Unfortunately, people tend to reuse passwords…this is why the price is so low per credential sold (on the dark web), sometimes even given away for free,” stated a spokesperson for Zoom.
Have You Been A Victim of a Data Breach?
If you’ve been involved in a data breach, the best thing you can do for the safety of the rest of your accounts and your business is to change compromised passwords immediately and stop using those passwords for other accounts. You can easily enable multi-factor authentication to protect your accounts too.
Without the right protection, you’re putting yourself and your company at risk. Studies have shown that almost 80% of data breaches could have been stopped if multi-factor authentication had been enabled.
If you’re not sure whether you’ve been involved in a data breach, you should check. A tool called Have I Been Pwned was developed by some of the good guys to help users identify if they’ve been a victim of a data breach. All you need to do is enter your email into the search bar, and within seconds you’ll be able to see if your email address has been involved in a data breach, and even which ones.
You can also test your passwords the same way to make sure you’re not using compromised ones.