World’s biggest data breaches in the last 2 years
By definition, a data breach is an intentional or unintentional release of secure or private information to an untrusted environment. This article covers the biggest data breaches of the last 2 years. After tons of research on these breaches, we discovered that big companies do not suffer any tremendous direct financial losses, while their customers suffer by having their accounts stolen. Nonetheless, the companies still have to meet the cost of fixing and resolving any data breach that occurs. Many companies have been hacked in recent years, with millions of records stolen. This often happens because of a company’s failure to comply with data protection policies and its negligence in protecting data from cyber-attacks. Now the EU GDPR law is coming into force in May 2018, and it will impose heavy fines on companies that fail to comply with the new data security standards. For example, according to Article 83, Paragraphs 4, 5 & 6, companies will be fined 10 million or 2% of annual worldwide turnover (whichever is bigger) for minor noncompliance and 20 million or 4% of annual worldwide turnover (whichever is bigger) for major faults. This is a more significant price they’d pay, in addition to the costs of fixing the problem.
Most recent Data breaches
Dailymotion, a subsidiary of the French company Vivendi and one of the biggest video-sharing websites in the world, had millions of its users’ accounts stolen and private information disclosed by hackers. The hacker is reckoned to have stolen 85.2 million unique accounts from Dailymotion. The attack was carried out on October 20th, 2016, and the hacker’s identity is still unknown according to sources. If EU GDPR were in place now, Vivendi would have been charged with a heavy fine estimated at over 300 million euro, as their annual turnover is over 7 billion euro.
Consequences: Dailymotion have urged their users to change their passwords and usernames as soon as possible to counteract the cyberattack and keep their data unexposed.
A hacker stole over 427 million passwords and emails from MySpace and tried to sell them for $2,800. It appears to be one of the largest social networking hacks, and many people have deleted their old and unused accounts. From available information, we know that MySpace’s annual revenue is around 100 million dollars. They’d be fined roughly over 4 million dollars for noncompliance with data protection policy.
Consequences: For users it caused more problems, as so many of them use the same password for multiple sites on the internet. It’s easy for a hacker to trace accounts with similar passwords. The company started working with law enforcement and this case is still under investigation. The main suspect is a Russian cyberhacker who goes by the name ‘Peace’ and who allegedly is also responsible for the Tumblr and LinkedIn attacks.
Weebly, a web design platform, was hacked last February by anonymous hackers. The intruders stole usernames and passwords of over 43 million accounts, although they were secured with bcrypt, a strong hashing algorithm. Weebly has denied any data breach, trying not to attract too much media attention to the matter. There is no information on Weebly’s finances, so we cannot estimate the fine that they would be charged with. We can only say that it would be either 20 million euro or 4 percent of their annual turnover (whichever is greater), as a serious data breach has been carried out.
Consequences: The company’s spokesperson stated that they had carried out an internal investigation and no breach had been discovered. Thus they are denying the claim that they have been hacked, and few details are known.
Over 32 million registered users’ accounts at Yahoo have been hacked by an anonymous villain whom Yahoo believes to be the same ‘state sponsored actor’ who had been behind the massive Yahoo hack in 2014, when 500 million accounts were breached. The hacker used forged cookies in order to access users’ accounts. Last year’s revenue came to 5.6 billion dollars. Because a major breach happened, they’d have to pay a fine of over 224 million euro.
Consequences: This hack led to the resignation of Yahoo’s general counsel and secretary, as it was revealed that Yahoo’s senior executives and their legal team didn’t sufficiently pursue the security incidents. Following Yahoo’s revelation that they had been hacked, the company’s stock price decreased by nearly 5% and the deal to sell the company to Verizon Communications was put at risk. Eventually the price dropped by $350 million from the initial price of $4.8 billion.
2016 Data Breaches
Turkish Citizenship Database
The database was hacked and the hackers published all the data, with all the citizens’ information such as names, city of birth and other details. The publication also concerned the current Turkish president Erdogan, criticizing his way of ruling the country and claiming that people like him are ruining their state.
Consequences: Consequences are unknown, but information about Turkish officials who have been profiting from ISIS oil has also been acquired. This shows the government’s lack of capability to prevent such crimes. The main consequence is that they have been exposed.
Anthem is the second-largest health insurer in the US, and approximately 80 million names and birthdates were stolen from their database. It has given Anthem’s reputation a black eye, as many of their clients started feeling threatened that their personal financial details are no longer secure, although Anthem’s spokeswoman denied that clients’ credit/debit card information was at risk. Their fine would be 3.4 billion (as their turnover is 85 billion) if the American government had a GDPR.
Consequences: The company’s people responsible for complying with privacy laws regarding data were charged with fines for not complying with them.
Philippines Commission on Elections
Anonymous hackers who call themselves ‘Anonymous Philippines’ posted a message on the COMELEC website, warning the government not to mess with the elections, and posted the entire data online. It is considered one of the biggest hacker attacks that had ever occurred against the Philippine government. The data dump consisted of personal and sensitive information, such as fingerprints and passport details, of over 55 million Philippine voters. They also published download links to spread the data as widely as possible.
Consequences: A couple of suspects have been apprehended. Two of them are graduated computer students residing in Manila, the capital of the Philippines. The state started working with Microsoft in order to learn how to prevent anything like that happening again.
A massive hack of prisoner phone calls hit Securus, a phone call provider for US prisons; over 70 million calls have been hacked. It is said to have violated attorney-client privilege, as it is estimated that about 14,000 of those phone calls were attorney-client calls. The calls span a nearly two-and-a-half-year period, from December 2011 to the spring of 2014. The hacker tried to show that Securus is not secure, and he was successful in doing that. Securus has been criticized for even recording the calls after the leak of data occurred.
Consequences: The issue has caused a huge scandal, as over 700 attorneys were unhappy that their private calls had been revealed, and Securus is currently dealing with many lawsuits.
US Voters database
An unknown hacker has hacked the voter database that contained information on 191 million citizens from all 50 states of America. It is reported that the data was exposed due to improper configuration of this database. The information was leaked on the internet but was only available to users in the US. The Federal Bureau of Investigation and other state bodies have been working on finding the person who revealed all the data, and have refused to comment.
Consequences: The database was eventually taken down, but the fact that it had been out there for everyone to access outrages many people. American officials put the blame on the notorious Russian hackers.
The LinkedIn hack is perhaps one of the most serious hacks of the past couple of years. Up to 117 million accounts were stolen in 2012, and it was getting worse last year, although four years had passed since the initial cyber-attack. Every day someone’s account got hacked, as the hacker started selling user account data on the dark web. It is known that LinkedIn generates billions in revenue annually. In 2015 their annual total revenue was almost 3 billion. So we can estimate that their fine would be approximately 120 million, which is a gigantic sum. That is only if GDPR were in place.
Notable Data breach before 2015
In 2012 we witnessed one of the worst hacking incidents ever. We are still learning details about the enormous cyber-attack on Saudi Aramco, the world’s largest and most valuable company, regardless of sector or industry.
At the time of the attack, in a matter of hours, 35,000 computers were partially wiped or totally destroyed. It affected most of the company’s logistics, and Aramco’s ability to supply 10% of the world’s oil was at risk. The most valuable company on Earth was thrown back to the 1970s technology of typewriters and faxes.
When it comes to cost, the Sony Pictures and the American Government cyberattacks are dwarfed in comparison.
Data breaches and what you can do!
There have been many data breaches throughout recent years, and giant companies have become the victims. Not only big companies suffer from data breaches, but also companies of many different sizes with databases that store customers’ personal information. Companies must understand that it is important to keep an eye on data security and follow all the security rules, not only to safeguard their strategic assets (customers’ data) but also to avoid tremendous fines from the EU. Firms today must work in compliance with the EU GDPR law, as there’s not much time left. EU GDPR is a fantastic precaution that the European Parliament came up with to ensure that users’ and clients’ data is protected at all times, to help stop cybercrime, and to show regular citizens of the EU how important it is for them to keep their data secure and protected.
Companies don’t necessarily have the skilled workforce or knowledge to manage their data breaches well. It’s best to hire cybersecurity companies to help them navigate the data waters, minimizing the risks and maximizing the benefits. PixAlert is one such company that has been working successfully and effectively with many firms across all sectors. PixAlert go to the trenches with you to help you better deal with your data and protect it.