Intruder Alert! Top Five Data Breaches this Decade
This is our roundup of five of the most impactful data catastrophes we researched, with a nice metric system to categorize our choices.
Data breaches seem to be on the rise in number and scope over the past decade, and it is increasingly likely that you have or someone you know has been affected by one. Being particularly invested in the future of the data-scape, our team was curious to go back and reflect on some of the high profile leaks that have pervaded the 2010s. Following is our roundup of five of the most impactful data catastrophes we researched, with a nice metric system to categorize our choices.
Imagine: you’re finally home, basking in the comfort of your fuzzy socks and pajamas, and settling into the beginning of your new favorite thing to watch on your favorite streaming service.
Then, you hear a subtle, metal-on-metal noise coming from the front door. You watch from your comfy perch as your deadbolt unlocks, and the door opens. A complete stranger casually walks in. Their face is featureless--no eyes to look into, no mouth to engage with a smile. They are anonymity manifested in physical form.
You barely acknowledge their presence and go about your binge watching. They go through your wallet, assessing the worth of your credit cards and gift cards, while you nibble at your snack. They browse the contents of the files and folders on your desk, taking whatever pleases them, while you laugh at your show. They explore your medicine cabinet, your refrigerator, your phone messages, your emails, your photos.
Then, they leave, just as casually as they entered. “They shut the door this time. That’s nice of them,” you think to yourself. Unconcerned, you sink into the couch, and sip your drink.
They’ve entered uninvited before, and you’ve changed the locks at least three times, but they always find a way to get in. You are resolved to your complacency; there’s no way to keep them out anymore.
Feel familiar? After a couple of decades of data breaches with increasing regularity, millions of people are starting to come to grips with what feels like the inevitable theft of their data.
And why wouldn’t they? The numbers don’t lie.
Since 2005, there have been 9,700 publicly recorded data breaches, with 1,537,040,000 records exposed to the highest bidder with who knows what intention. (Source: Statista.com)
Here are 5 data breaches that cost both the company and consumer:
It was really hard to do, but we’ve narrowed the list down to the top five data breaches this decade. Our metrics? The number of people affected, how much work the people affected have to do to react to the breach (called “hassle factor”), and the cost to the company involved.
Hassle Factor scale:
- 😡= Annoyance. Typical Remediation: changing passwords, adjusting security settings, etc.
- 😡😡= Extreme annoyance + potential for identity or monetary theft . Typical Remediation: freezing accounts, initiating or participating in class action lawsuits, etc.
- 😡😡😡= Irreversible, permanent damage or defamation. Typical Remediation: hiring a public relations professional, relocation, etc.
When it comes to data intrusion, the past decade has been brutal. Data breaches are now (nearly) daily occurrences, and companies are looking for ways NOT to make a list like this one.
Your company’s data security is king at MetaRouter. You are not alone.
Number Five: Singapore HIV Data Leak
- Breach Date: January 22, 2019
- Number of people affected: 14,200 registered Singaporeans
- Hassle Factor: 😡😡😡
- Cost to company: To be determined (litigation underway)
At first glance, this breach only affects 14,200 people--what’s the big deal? The more you read, the more this one is difficult to stomach. Singapore’s Ministry of Health has kept a database of HIV-positive citizens and residents since 1985, and that database was leaked. The person allegedly responsible for the leak is US citizen Mikhy Farrera-Brochez, who is HIV-positive himself.
The big deal is that Singapore has historically struggled with its acceptance of HIV-positive people, and to the degree that they only began allowing HIV-infected people into the country at all in 2015. Even after the ban, those who are still alive and affected by this leak are in fear of themselves or their loved ones discovering their HIV-positive status, a discovery that is wrapped in shame and judgment in a country that has only recently embraced supporting those affected within its borders. Others fear the loss of their jobs, their government benefits, and their societal standing in the midst of the leak.
While data breaches are often associated with losing money or identity, no amount of changing passwords, bank accounts, or security settings will restore the damage done with the Singapore HIV database breach. There is no undoing the impact of this leak for those affected and whose private information is now very public, which is why it makes our top five.
Number Four: Ashley Madison
- Breach Date: July 2015
- Number of people affected: 32 million international users
- Hassle Factor: 😡😡😡
- Cost to company: $11.2 Million settlement
Ashley Madison is a social network for people interested in discreetly having an affair. With a tagline like, “Life is short. Have an affair,” it’s no coincidence that our number four breach is also affiliated with irreversible, widespread personal and societal impact on its users. But let’s just put it out there—some portion of the public thinks the exposed users had it coming.
This breach is unlike the others, in that the entity responsible for the hack, the Impact Team, was methodical in approaching Ashley Madison about shutting down its website for moral reasons prior to releasing the identity of its users to the public. Ultimately, the identity of nearly 32 million users was released, and the damage done ranged from loss of employment, to suicides of affected users, and eventually to the $11.2 million settlement of a class action lawsuit.
When it comes to some of the worst kind of data to have stolen, this one earns the number four spot for all the right (and wrong) reasons.
Number Three: Yahoo
- Breach Date: August 2013
- Number of people affected: 3 billion email international accounts (all users)
- Hassle Factor: 😡
- Cost to company: (last settlement) $85 Million + $350 Million devaluation on its acquisition offer from Verizon
Oof. This one makes our number three spot for two reasons: 3 billion affected email users (all of them), and the timing of the breach announcement, which forced Yahoo to renegotiate its offer from Verizon. The result? The offer from Verizon was slashed by $350 million. That’s 1/3 of a billion dollars. Ouch.
Yes, this was one of the most costly data breaches of all time, and yes, 3 billion email accounts were affected. The nature of the data breached was more of a nuisance to users, though, and Yahoo suggested that users adjust their passwords, avoid suspicious emails, and add on their account key authorization. Inconvenient? Yes. Widespread? Absolutely, but this one receives a Hassle Factor of one angry face in light of the repairable annoyance.
Number Two: Target
- Breach Date: November 2013
- Number of people affected: Up to 70 million retail customers throughout the United States
- Hassle Factor: 😡😡
- Cost to company: $18.5 Million settlement
When America's most popular department store is compromised, it hits home for the millions of shoppers who relied on Target for household goods, groceries and more. With this breach, it also became clear—in case it wasn't before—that shopping brick and mortar can't protect you.
While Target was certainly able to bounce back from the breach and most customers were not materially affected, this event got people talking about data security in new ways. The general public wanted action taken to better protect their credentials, which led to the push for credit card chips. While the chip system wouldn't have actually made a difference, making the change felt like progress. Perhaps the most important outcome, however, is that people started thinking not only about the security of the companies they do business with, but also the security of the third parties who do business with the organization.
Number One: Equifax
- Breach Date: May - July 2017
- Number of people affected: 143 million customers
- Hassle Factor: 😡😡 and potentially another 😡 soon
- Cost to company: $439 million + (maybe) more as this plays out
This one earns the number one spot because of the huge number of customers impacted, for the giant cost to the Equifax now, and for the potential impact as the ramifications unfold over time. The story has yet to conclude.
According to Fraud.org, “...the compromised data included Social Security numbers, birth dates, addresses and in some cases, driver’s license numbers, credit card numbers, and documents provided by consumers in dispute cases.” This breach has the immediate potential for financial consequences and identity theft, and depending on how this data is ultimately used, there may be additional repercussions in the future.
Rather than hammer the point home with words, check out this figure for a breakdown by the numbers:
Nearly half of the citizens in the United States have had their most sensitive information, their social security number, compromised in this attack, and the government continues to sink their teeth into this juicy morsel. As of this week, Equifax is still being pummeled by congress, with no end in sight.
This data breach, unlike any other so far, has the highest likelihood of hitting home for someone you know, which is why it takes our number one spot. And do you know what sealed the deal? After doing this research, the author of this blog post was curious and decided to see if they were impacted by the Equifax breach. The results? Curious? Check here—we hope you’re not an unlucky winner too.
MetaRouter is a data engineering company with a mission to realize the robust and sustainable systems of the future. We create data routing solutions for all sizes, from our private cloud enterprise edition to our accessible hosted cloud offering. Sign-up for Cloud Edition or contact us about Enterprise Edition or with questions at support@metarouter.io.