banner

Data and technology are often underappreciated for the world-changing things that they are. With their advancements, we as a society have evolved to solve countless problems while building a world rich with opportunities for everyone.

Yet despite all that goodness, there is a caveat to living with digital infrastructure – and that’s keeping it secure. Cybercrime has soared over the decades to become a lucrative job for those who would otherwise rob banks and stagecoaches. Only now the consequences are arguably more far-reaching, with everyone having something to lose from an attack.

In fact, chances are that you or someone you know was directly affected by the 10 biggest data breaches in US history – let’s take a look at the list to learn more about why they happened and the impacts they had.

2013-2016 Yahoo! Breach

We know what you’re thinking – who uses Yahoo! anymore? The answer is no one, and this is a big part of the reason why. Between 2013 and 2016, the search giant unintentionally exposed roughly three billion user accounts to Russian hackers, allowing them to gain access to sensitive pieces of information like names, email addresses, phone numbers, birth dates, passwords, calendars, and personal security questions.

Yahoo! initially reported that the attack wasn’t as bad – only one billion people had been affected. But after Verizon bought the company out in 2017, it was revealed that roughly three billion accounts had been compromised by the breach.

January 2021 Microsoft Business Breach

Incident number two on our list gets extra points for being chaotic because it not only affected countless people but businesses as well. 60,000 Organizations around the world turned red in January 2021 when they discovered their Microsoft Exchange servers were the target of a massive cyber attack.

All clients needed to be vulnerable was an internet connection and a locally managed on-premises system. From there, cybercriminals could exploit four different zero-day vulnerabilities to gain access to emails, passwords, and other sensitive data.

While Microsoft was quick to patch up these vulnerabilities and release a security update for its Exchange platform, the incident highlights the importance of staying up to date with security patches and ensuring that your system is as secure as possible.

May 2019 First American Financial Corp. Leak

Although it technically doesn’t qualify as a breach – more of a leak – this incident in May 2019 is more than worthy to be among the top 10 data breaches in US history. It was then that First American Financial Corp. (FAFC), a real estate title insurance giant, was found to have accidentally exposed 885 million files containing personal information about customers.

The issue was eventually traced back to a flaw in the company’s website security, Insecure Direct Object Reference (IDOR). Cybercriminals were able to use the vulnerability to freely explore documents containing a range of sensitive information, such as Social Security numbers, bank account numbers, driver’s license images, and tax documents.

2021 Facebook Breach

Facebook deserves a spot in the Hall of Shame when it comes to security breaches. We’ve seen multiple major controversies and attacks take place over the past two decades, the most notable of which happened back in 2021.

A problem with the social media platform’s contact synch feature exposed the names, phone numbers, and passwords of over 530 million people to the public. This happened just two years after it was reported that Facebook employees had unauthorized access to 600 million user accounts’ data in plaintext files.

2018 Facebook / Cambridge Analytica Scandal

Again, less of a breach and more of a failure of security protocols, the Cambridge Analytica scandal was a major data privacy breach that rocked the social media world in April 2018. The company illegally harvested private information from over 87 million Facebook users without their explicit knowledge or consent.

This data was used to influence elections in almost every major democracy of the world. It is believed that Cambridge Analytica had targeted millions of Americans and Britons with psychological tactics based on their harvested data—like most users who access Facebook, these people had no idea their data was being used for such a purpose. The scandal has led to multiple federal investigations in the US and Europe. In 2019, the US Federal Trade Commission (FTC) issued a record $5 billion fine against Facebook for its failure to protect users’ privacy.

April 2021 LinkedIn Data Scrape

In April 2021, the world witnessed yet another company experience one of the biggest data breaches of all time. This time it was LinkedIn’s turn to fall victim to a malicious data scrape. Hackers scraped the professional networking website to obtain the private information of 700 million people, or about 93 percent of its user base at the time. The stolen data allowed bad actors to target executives and other high-profile individuals with malicious emails and phishing attacks.

June 2014 JPMorgan Chase Breach

One of the largest banks in the US, JPMorgan Chase allowed more than 76 million households and seven small businesses’ data to become compromised in June of 2014. Initially, it was reported that the attack only affected one million accounts, however upon further investigation, it became clear that the attack had been going on for quite some time – a full month from June to July. The stolen data included names emails and phone numbers.

April 2014 Home Depot Attack

In one of the more creative entries on the biggest data breaches list, hackers were able to pull off a massive attack on Home Depot in April 2014 using custom-built malware. This malicious software was designed to target the payment card records from customers and, by the end of it all, had stolen over 56 million records.

It took five months for Home Depot to detect and remove this malware from their networks in September 2014, at which point it had already affected millions of customers. The breach was one of the largest ever to affect a store-based retailer in US and Canadian history.

June 2013 MySpace Hack

The 2013 MySpace Hack was indeed one for the record books, exposing 360 million user logins, names, dates of birth, and more. It is believed that this breach occurred due to extremely poor security measures in place at MySpace. Its use of an unsalted hash algorithm made it easy for hackers to crack their passwords.

This breach caused major financial and reputational damage for MySpace, as it had to spend millions of dollars to contain the situation and rebuild its reputation.

November 2019 FriendFinder Networks Breach

More than two decades’ worth of information was stolen in 2016 as popular adult entertainment platform FriendFinder fell victim to a massive data breach. The incident most notably affected the company’s subsidiaries, AdultFriendFinder and Penthouse. 412 million users from those databases were affected, in addition to 15 million deleted accounts that were still stored in the company’s servers.

September 2018 Marriott International Hack

Known for its world-class hotels, Marriott International gained notoriety for another reason in September 2018. The company’s Starwood database was compromised by hackers who took valuable information about virtually every reservation made at Marriott’s Westin, Sheraton, Four Points, St. Regis, and W Hotels – about 500 million people.

Billions of dollars in losses aside, what’s perhaps the hardest thing to believe about the biggest data breaches list is the fact that it will only become more significant as the years go on. History indicates cybercrime happens a lot, and at the rate, the world is currently going, new records for the worst breach in history are just a matter of time. It’s up to everyone – businesses and everyday individuals alike – to do their part in keeping everyone safe in this new reality. At TeraDact, we empower customers to establish a trusted relationship with their data through our suite of data protection and security products. Reach out today to do your part in keeping everyone safe in this rapidly changing cyber world.

Leave a Reply

Your email address will not be published. Required fields are marked *