How much of your personal data is stored in the internet? How many websites know your real name, home address, phone number, and Credit card information? Too many to count?

Having these data online is really no longer a novelty. We no longer blink at the thought of filling an online form with our name and credit card number and hitting the SUBMIT button. In fact, with the amount of activities we conduct online, having these details on the ready makes our lives much easier and fuller.

Can you imagine going about your life without the joy that Spotify brings or the convenience that Amazon shopping offers? How absurd!

But the other side of the convenient fence is a dark and dreary place. Having all our information online makes us vulnerable to security breaches.

And becoming a victim of a data breach is perhaps one of modern man’s greatest fears.

The latest scare to make headlines comes to us care of Equifax, one of the largest credit card bureaus in the United States. Is this latest security breach the biggest to hit us? Let’s find out. 

Below is a handy infographic showing the biggest data breaches in recent history and other information that you need to know about security breaches in general:

Yahoo (2013-2014) – 3 billion

In a 2013 breach, Yahoo revealed that as ALL 3 billion users were compromised. Data breached included real names, Email Addresses, birth dates, and telephone numbers of users.

The Yahoo breach was not disclosed to the public until 2016, when the company was in talks to sell itself to Verizon. At the time, the company estimated that 500 million users were compromised during the hack.

But by the end of 2016, the number disclosed had increased to 1 billion accounts. According to Yahoo, there were two separate breaches but both took place in 2013.

One billion is such a HUGE number to comprehend, isn’t it? But guess what? THAT actually wasn’t the whole extent of the breach.

In October 2017, Yahoo revealed that ALL 3 billion accounts had been compromised during the data breaches. That’s right, ALL ACCOUNTS. Tsk tsk.

FriendFinder Network (2016) – 412 million

With more than 412 million accounts exposed, this is one of the biggest data breaches in recorded history. Names, email addresses, and passwords where some of the information collected by the hackers across six databases.

The breach took place around the middle of October 2016. Perpetrators stole 20 years of data from six databases in the FriendFinder Network.

The hackers posted the information they stole online. These were subsequently used for spam runs by other people with nefarious intent.

MySpace (Before 2013) – 360 million

It was disclosed in 2016 that the once popular social networking platform was breached, with more than 360 million users compromised. Hackers stole usernames, passwords, and email addresses.

Wait, is MySpace still a thing? It sure is! MySpace was actually relaunched in 2013. We know, we had no idea as well.

Anyway, according to Time Inc, which bought the social networking website, MySpace was hacked before the relaunch. Information from 360 million accounts were stolen.

LinkedIn (2012) – 167 million

With a total of 167 million users affected, the LinkedIn breach exposed email addresses and passwords.

The breach took place in 2012. The initial number of users affected was only 6.5 million. But a more recent offer of email and password combinations on a dark web marketplace reveals a much bigger breach: 167 million users affected.

160 million of the hacked accounts were unique email addresses. The remaining 7 million had only numerical user IDs and passwords.

eBay (2014) – 145 million

Exposing 145 million user records, the shopping network was hacked early in 2014. Hackers accessed records with passwords, email addresses, birth dates, and other personal information. No credit card numbers were exposed.

The attack took place in May of 2014. The hackers were able to access the company network by using the credentials of three employees.

Here’s the interesting part: the hackers had access to the database for 299 days.

Equifax (2017) – 143 million

About 143 million US consumers and more than 15 million UK records were compromised in the Equifax breach. Social security numbers, birth dates, addresses, license numbers, salary histories, and credit card data kept by the credit bureau were some of the information exposed.

An application vulnerability on one of the company’s websites was said to be the cause of the breach, which was discovered on the 29th of July. However, the company has revealed that the criminals may have started stealing data about two months prior.

Heartland Payment Systems (2008) – 134 million accounts

This breach was the result of a spyware that was installed using an SQL injection on the data system of Heartland. 134 million credit and debit cards were exposed.

Heartland Payment Systems, at the time of the hack, was responsible for handling payment card transactions for small to medium-sized retailers. The transactions amounted to 100 million per month.

The people behind the breach were caught the same year that the hack was discovered. The mastermind, one Albert Gonzalez, was sentenced to 20 years in federal prison.

Target (2013) – 110 million accounts

Up to 110 million people were compromised when the giant retailer was hacked in 2013. Information breached included credit and debit card information.

Makes you wary about shopping at this beloved retail chain, doesn’t it? But here’s the kicker: the breach took place before Thanksgiving in 2013. In other words, holiday shopping is truly a lot more stressful than we have previously thought and experienced.

The total estimated cost of the breach was $162 million. The incident led to both Target’s CIO and CEO resigning in 2014.

JP Morgan Chase (2014) – 83 million 

With 76 million households and 7 million small businesses impacted, the bank became a victim of a data breach in July 2014. Information compromised included names, addresses, phone numbers, and email addresses.

Internal information regarding bank customers, such as credit cards and investment products, were also accessed.

Four people were arrested in 2015 in connection to the breach.

Anthem (2014-2015)

Hackers gained access to names, birthdates, email addresses, Social Security numbers, incomes, addresses, and other employment details of about 80 million users when this health insurer was breached.

According to a memo Anthem sent to its clients, suspicious database activity were detected on December 10, 2014. But it wasn’t until January 27, 2015 when said suspicious activities were halted.

A more recent (2017) data breach by an Anthem contractor affected more than 18,000 members’ Social Security and Medicare information.

Sony PlayStation Network (2011)

The network was breached in 2011, compromising personal information of about 77 million users. Names, addresses, and other personal information were stolen.

Sony maintains that no credit card details were exposed but stolen PSN credit card details showed up in the black market. There were reports of credit card fraud from users, too.

On top of the breach, the site was down for a month as well. Basically, users became stressed about the hack but they couldn’t access the media entertainment service in order to chase the stress away. Not cool, not cool at all.

Home Depot (2014)

The payment data systems of this home improvement retailer’s stores in the United States and Canada were breached, resulting in about 56 million data exposed. Damage was limited to credit cards.

The breach came from an infected malware in the retailer’s POS systems. The company revealed that the malware was “unique, custom-built,” and posed as anti-virus software.

How clever of the hackers.

Home Depot paid an estimated $161 million for settlement and insurance proceeds.

In this day and age, a data breach is one of our constants.  

Now do not lose hope. You are probably thinking that if  JP Morgan Chase, the biggest bank in the United States, can be hacked, do you or your small company even stand a chance? Should you just give up on modern life now and live in a cave?

Okay, don’t go all hermit on us just yet. There are things that you can do to protect yourself in case you become a victim of a data breach.

WHAT TO DO IN CASE OF DATA BREACH

If you are a user or consumer, here are the things you need to do:

1. Verify – Call your bank or service provider. Visit the company’s official website to verify the breach.

Perhaps you received an email from the company that was purportedly breached. Whatever you do, DO NOT click on the links included in any email notification you receive.

Because that is how you become a phishing victim.

What you do is go to the official website of the company and access or change any personal information there.

2. Change – Change your passwords.

Don’t change just the password to that one company that was breached. Hackers can be wily. They know that many people use only one password for most of their online accounts.

They might have access to only your social media account but that won’t stop them from accessing your bank information using the same password, too.

3. Notify – If you have been breached, contact the company and ask for fraud victim assistance.

If your credit card has been compromised, call your creditor and ask for a new card and a new number.

In case your debit card account was compromised, notify your bank and cancel said account. Open a new one with a new number and a new PIN.

4. Freeze – If possible, consider freezing your accounts.

Kelli Grant, CNBC:

With so much information affected, consumers are better served by freezing their accounts with Equifax, Experian and Transunion rather than relying on monitoring services, U.S. PIRG’s Litt said in the statement. That can keep thieves from opening new loans and lines of credit in your name.

For businesses, here are steps to take in case your enterprise becomes a victim of a huge data breach:

1. Don’t panic.

2. Assemble a task force – Form a team that will tackle the breach head on.

3. Stop further data loss – This can be done by taking all affected equipment offline, but only if the process will not destroy evidence. If company credentials were used to hack your databases, change those credentials immediately as well.

Andra Zaharia, Heimdal Security:

Even before you find out what has been discovered by online criminals, go and change as soon as possible your credentials for the important online accounts and servers where you keep your data and take offline or isolate if it’s possible servers, machines and parts of the system that contain the important stuff.

4. Keep all forms of evidence – Destroying them might not be helpful in the investigation.

5. Fix vulnerabilities – Some steps to consider include verifying security of affected service providers, checking network segmentation, working with forensic experts, and implementing a communication plan to reach all affected parties.

6. Notify appropriate parties – This does not include only those directly affected by the breach. Your company also has to notify law enforcement, your legal department, and other affected businesses.

Well, that doesn’t sound so bad, does it? As long as you have an action plan, even the biggest data breaches can be surmountable.

The major takeaway here is to always be smart and never panic. Whether you’re a consumer or a business, be smart. There is no denying the fact that hackers are crazy intelligent. But guess what? We can be smart enough to always be one step ahead of them.

And when your information is stolen, don’t panic. Notify the business or people involved and move forward to protect yourself or your company better.

The post Biggest Data Breaches in Recent History appeared first on Dead Drop Software.