After Google+ shut down for good over a data breach in October 2018, we tracked down the most scandalous corporate privacy kerfuffles
It’s no secret that cybercrime is causing chaos in businesses even after the General Data Protection Regulation sprung into action in May 2018. Poor cybersecurity practices and damages caused by information being leaked to third party organisations is predicted to cost the world $6tn by 2021. And given that four in ten companies suffered an online breach in a year’s time, according to figures released by the government, it’s important entrepreneurs protect themselves from laptop-wielding larcenists as well as their own leniency towards protecting private data. And there are various ways they can do so without breaking the bank.
However, from Facebook’s Cambridge Analytica fiasco to hackers getting their hands on Uber users’ data, companies continue to have problems with cybersecurity. Google is the latest firm to join the list of companies with questionable digital defences after it was revealed that third-party developers may have had access to half a million Google+ users’ private data. The firm also chose to withhold the information. Consequentially Alphabet, the parent company, decided to shut down the service completely.
Below we offer what we believe are 20 of the most significant data breaches to hit the globe which not only cost millions of dollars but also consumer trust and brand reputation.
In what’s one howler of a data breach, Yahoo! was responsible for exposing three billion people’s information in 2013. The company only announced the attack in 2016. While it originally stated that only one billion users were affected, it later revealed that all accounts that existed at the time of the hack had been breached. It certainly didn’t make things better when the first attack was followed by a subsequent one in 2014 where 500 million accounts where accessed by Russian hackers. The US Securities and Exchange Commission slapped the firm with a $35m fine for the second hack. More damaging was the fact that the company had to slash $350m of its $4.83bn asking price when Yahoo! was sold to Verizon in 2017.
Friend Finder Network
Most of us like to keep our sex lives private. So it was a bit of a shock in 2016 when Friend Finder Network, the adult entertainment company, revealed that Adult FriendFinder, the sex and swingers community, had not only been attacked but that 339 million accounts had been affected by the hack. On top of that, Friend Finder Network also saw two of it’s other services, Cams.com and Penthouse.com, see two million and seven million accounts hacked respectively. In total 412 million accounts were affected.
The social network Myspace reported in May 2016 that hackers had managed to get their hands on its members’ email addresses and passwords. The Time Inc. company didn’t admit how many accounts were hacked but according to LeakedSource.com there were over 360 million accounts involved, Techcrunch reported. While Myspace is a bit of an abandoned digital island these days, it still doesn’t look too good, does it?
In May 2016, social media platform, LinkedIn reported a data breach in 2012 that compromised the personal information of 165 million user accounts. A hacker called Peace claimed to have access to 117 million email and password combinations and was selling them on the dark web.
In March 2018, sports retailer Under Armour revealed its fitness app MyFitnessPal been attacked. The result was that 150 million people’s usernames, email addresses and passwords were stolen. However, the company claimed the passwords were encrypted and that payment card data was not affected and neither were government-issued identifiers like driver's licences.
In September 2017, cybercriminals penetrated Equifax, the consumer credit reporting agency, and stole the personal data of 147.4 million people. The breach raised concerns over the amount of information brokers collect on consumers, which can range from public records to mailing addresses and other personal details. Former Equifax CEO Richard Smith stepped down after the breach and the company said in March 2018 that the data breach had cost it $114m.
The online marketplace eBay witnessed the theft of 145 million customers' information in May 2014. The origin of the breach came from hackers getting their hands on a small number of employee log-in credentials which gave access to eBay’s corporate network.
The birth of Facebook's biggest scandal to date saw more than 100 million users data being harvested by the data profiling company Cambridge Analytica. The scandal resulted in Mark Zuckerberg having to testify in front of the United States Congress and the European Parliament after it was revealed that Cambridge Analytica had allegedly meddled in the US elections. It didn’t help people’s privacy concerns when Facebook faced a hack in September 2018. This breach potentially affected 90 million accounts, including Zuckerberg’s and his deputy Sheryl Sandberg‘s, according to The New York Times.
More than 92 million MyHeritage user accounts were compromised in October 2017 due to a data breach at the DNA testing website. A researcher found a file named myheritage on a private server. While DNA data wasn't made public, emails and passwords were, according to Bloomberg. The company said it found no evidence the data was ever used by the perpetrators.
Uber suffered a hack that affected 57 million customers and 600.000 drivers worldwide in 2016. Of those users, 2.7 million were in the UK. The breach was kept under wraps by the ride-hailing firm until 2017. Uber confirmed that names, email addresses and mobile phone numbers of customers were exposed and that the affected drivers had their names and licence details compromised. According to Bloomberg, Uber's former chief executive Travis Kalanick as well as other executives knew about the breach for over a year before it was announced to the public.
The app for extra marital affairs had the personal information of 32 million site users exposed in July 2015. It was apparently the work of a group called Impact Team who were against the idea of the firm. The parent company even offered $500,000 to anyone who could help catch the one behind it but received no leads. At least, none that we know about.
Social app Timehop disclosed a data breach in July 2018 which impacted 21 million users’ names, email addresses and phone numbers. In a blog post, Timehop told users that it detected a network intrusion which occurred because the credentials to its cloud environment were compromised and that the cloud account didn't have multifactor authentication. No private messages, financial data or social media data were accessed, the company stated.
In May 2017 the online guide to restaurants reported data from 17 million users had been stolen, including email addresses and hashed passwords. The firm discovered the breach and subsequently logged affected users out of their accounts as well as asking users to reset passwords. However, it said in a security notice to customers that users logging in via Facebook or Google were not at risk.
British retailer Dixons Carphone, which owns Currys and PC World, was subjected to an enormous data breach in July 2017. While originally estimating that 1.2 million customers’ data was compromised, Dixons Carphone later confirmed in July 2018 that the breach actually affected ten million customers. The firm claimed no bank details were stolen and there was no evidence that fraud had taken place.
In 2017, Britain's retail franchise CEX, disclosed it had been hacked. The breach compromised the data of two million customers. CEX said that despite its best efforts at security a sophisticated attack compromised the system. The affected details included names and surnames as well as email addresses and phone numbers. Credit card details were thought to be at risk as well. The company advised affected customers to change their passwords as a precautionary measure.
In July 2017, insurance company Bupa revealed that an employee had inappropriately copied information including names, dates of birth and some contact information, however no medical information was compromised. The misuse of information affected over 500,000 customers.
A sophisticated breach between Tuesday August 21 to Wednesday September 5 2018 saw 380,000 passengers personal and financial details being stolen. A post on the BA website said people should contact their banks if they think they were affected by the attack.
In April 2017, loan company Wonga fell victim to a large data breach that hit 245,000 of its customers in the UK. Bank account numbers, sort codes, names, email addresses, home addresses, phone numbers and the last four digits of debit card numbers went amiss in the incident. Wonga advised customers to notify their banks and request their accounts were put on alert for unusual activity and recommended being extra vigilant.
In November 2016, Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operations after 20,000 customers had money stolen from their accounts. The breach was noticed after 40,000 people saw odd transactions on their accounts, the Independent reported. The bank, which has over seven million customer accounts, said it would cover any financial costs of the breach. In October 2018, the company was fined £16.4m by Financial Conduct Authority, the UK data watchdog.
Delivery and logistics firm FedEx came under fire in February 2018 when it was discovered that extremely sensitive customer data was stored on an open server, essentially making all the information public. The was discovered by Kromtech security researchers. The open server included thousands of scanned documents including people’s passports, driving licences, security IDs as well as home addresses, postal codes and phone numbers.
Looking at these huge scandals it’s fair to say leniency towards how companies handle data cannot be justified anymore, if it ever could. It’s indeed time for business bosses to beef up their cybersecurity system before they get fined or worse – close down their business.