Cyber security is a growing concern as cyber criminals further develop their means of attack. Without extensive cyber security measures in place, you leave yourself and your business increasingly vulnerable to a cyber attack.
From phishing to ransomware and much more, if you fail to prepare for attack then you might as well prepare to fail – as the saying goes.
However, some cyber breaches are bigger than others. The fact that some of the biggest companies in the world have fallen victim to cyber attacks proves that an attack can happen to anyone.
Here are the 7 biggest cyber breaches of all time:
7) Adobe (October 2013)
38 million usernames and passwords were stolen from active accounts (BBC). That number doesn’t include inactive accounts, which may also have been affected by the breach. Trying to contact inactive users proved to be a struggle for Adobe.
Adobe users’ passwords were hashed and user names were stolen, making it tricky for Adobe customers to access the software that they require. With this theft taking place, there was also an increased risk of Adobe customers being hacked on other websites if they had used the same login credentials.
The cyber attack on Adobe triggered the software company to send out password reset emails to all the affected accounts.
It was reported that nearly 3 million encrypted customer credit card details and login information for an undisclosed number of accounts were also stolen.
As well as the stolen passwords, hackers also stole some of the source code for the picture editing software, Photoshop.
6) Uber (2016)
The hackers gained access to Uber’s GitHub account where they managed to steal 57 million users’ information including usernames and passwords (Guardian).
They also stole 600,000 driver license numbers from Uber drivers. These credentials should never have been on GitHub in the first place. This was the first of Uber’s cyber security mistakes.
To make matters worse, Uber failed to announce that they had been hit by a cyber security breach until a year after the event.
And it doesn’t stop there!
Uber actually paid the attackers £79,000 to destroy the data that was stolen. There is no proof that the attackers did delete this data either.
When the attack was announced, Uber was planning a sale for £54 billion; in the end, it sold for £38 billion. Uber stated that the attack didn’t impact the figure, but analysts have found it difficult to see how it wouldn’t have.
5) PlayStation Network (April 2011)
Hackers stole 77 million users’ information (Guardian), including usernames, email addresses, passwords, security questions, and payment history.
Many in the gaming community view this as the worst data breach of all time. The now defunct hacking group, ‘Anonymous’, claimed responsibility. They attacked Sony with a series of DDoS attacks which brought down the PlayStation Network for an entire month.
This was a personal attack on Sony after Anonymous was unhappy with the legal actions against George ‘Geohot’ Hotz. However, Anonymous stopped their attacks quickly as they realised the biggest effect the attack was having was on the end user.
After Sony became aware of the attack, they informed customers that some of their credit card numbers and expiration dates had been stolen.
Three years following the breach, Sony agreed a £12 million settlement. On top of the settlement, PlayStation experienced estimated losses of £135 million while the network was down for over a month.
4) Equifax (July 2017)
A high volume of personal information from 143 million consumers was stolen following the Equifax cyber security breach, including social security numbers, dates of birth, and addresses. Credit card details were stolen from a further 209,000 consumers.
It took Equifax a little over two months to realise that they had been hit by a cyber attack. After the cyber security breach became public, Equifax was unsure how their stolen data had been used.
There were financial implications for the US company, with Equifax handed a £500,000 fine by the ICO (Information Commissioner’s Office), the UK data watchdog (Telegraph). This is because they failed to protect 15 million people in the UK whose personal details were also stolen in the cyber security breach.
The seriousness of this breach was that hackers could pose as the victim to take out credit cards, mortgages, and loans. In this event, being hacked could have meant an enormous cost to the individual, not to mention significant risk of identity fraud, without the victim even knowing.
3) eBay (May 2014)
The cyber attack affected around 233 million user accounts (Guardian) and took eBay an entire 3 months to recognise that the attack had occurred.
Hackers got into the company network using the credentials of three corporate employees. Following the attack, eBay was light on the details of how this came about. What it did demonstrate, however, was that even eBay, a huge business that oversees thousands of transactions a day, had insufficient cyber security practices in place.
eBay asked users to change their passwords immediately. However, financial information such as credit card numbers was proven to be secure.
The impact on the company was a decline in user activity and significant damage to eBay’s reputation.
2) Marriott (2014 – 2018)
Based on how long the attack lasted (over a period of four years!), you could argue that the Marriott data breach was the most devastating. Upon discovering the hack, Marriott found that hackers had had access to their network for a whole 4 years before Marriott found out. This cyber breach was kept out of the public eye for a very long time and, as the details developed, questions were raised over Marriott’s cyber security.
Cyber thieves had stolen 500 million user accounts (Forbes), from which they acquired information such as:
- Payment details,
- Mailing addresses,
- Phone numbers,
- Email addresses; and
- Passport numbers.
As you can see, the nature of the data breached from this attack was very serious. The data was stolen through their guest reservation database, which had been compromised by an unauthorised party.
The cyber attack was a breach of GDPR, which was introduced in May 2018. Therefore, the financial impact could be enormous, with the fine being up to 4% of Marriott’s global turnover. For Marriott, with an annual turnover of around £20 billion (Marriott Annual Report 2018), a fine will be a large chunk of their profits.
It is unknown why it took the company so long to announce the attack. Under new GDPR rules, an attack should be announced within 72 hours of the attack being known.
1) Yahoo (2013 – 2014)
Yahoo arguably suffered the biggest data breach ever. The attack affected 3 billion user accounts in total (CSO) – every single account in Yahoo’s system.
Passwords were stolen by cyber criminals through a hashing technique. Yahoo users were unable to access their accounts because their password did not match the username. As well as passwords, hackers stole names, email addresses, and security questions and answers.
This cyber breach knocked a total of £275 million off the sale price of Yahoo and the internet company eventually sold for £3.52 billion dollars. Still a significant amount of money, but for context – only a few years before the breach, Yahoo had been valued at £78 billion.
Simply put, this breach all but wiped out Yahoo, paving the way for Google to dominate.
These are examples of big businesses suffering significant damage as a result of insufficient cyber security.
However, the size of your business doesn’t matter. If you don’t take your cyber security seriously, you will get found out. But with the right systems in place you can help prevent a cyber security breach.
To make sure that your business is secure from cyber attacks, or if you want advice on cyber security, contact us at firstname.lastname@example.org or on 01283753333.