Regardless of industry, most companies and institutions handle sensitive data such as PII in their operations. If this information is not effectively protected, the interests of hundreds of millions of people are affected and enterprises may suffer immeasurable financial losses. This article presents key figures, the extent of losses, and trends in data breaches, based on a study of data breaches at public and private companies in the United States over the past three years.
Key figures about data breaches
Let’s first look at a set of eye-catching figures
The data breaches we have chased over the years
Marriott Starwood Data Breach
On November 30, 2018, Marriott discovered that the room reservation database of its Starwood hotels had been hacked. The names, dates of birth, gender, addresses and passport numbers of approximately 387 million guests who booked between 2014 and September 10, 2018 were leaked. Marriott added that the leak may also have included encrypted credit card information, and that it could not rule out the possibility that the encryption keys were stolen at the same time. Marriott was fined $912 million for the data breach and faces multiple legal actions worth up to $12.5 billion.
Facebook was hacked
On September 28, 2018, Facebook announced that an attack discovered that week showed that attackers had exploited code vulnerabilities to steal user account keys, potentially allowing them to break into and take over 50 million user accounts. The vulnerability exploited by the hackers is related to the "Guest View" function. This function lets users view their own pages from the perspective of other users, so that they can check what others can see after they change their privacy settings. The incident caused Facebook to lose US$43 billion in market value and face a fine of up to US$1.6 billion.
Online textbook rental company Chegg information leaked
On September 19, 2018, online textbook rental company Chegg stated that in late April an unauthorized party had gained access to the company database that hosts user data. The data that could be accessed includes names, emails, shipping addresses and passwords. User data for a range of brands including EasyBib may also be affected. Chegg shares plunged $12 a day after the hack was revealed.
Big data company Exactis data breach
In June 2018, big data company Exactis was found to have exposed 340 million business and consumer accounts in a publicly accessible database. The database contained information on almost every U.S. citizen, including home addresses, email addresses, ages, number of children, religious affiliations and even family pets. The Exactis leak was not caused by credential stuffing or any other malicious attack, but by the database server being directly exposed and publicly searchable, with no firewall in front of it.
Credit assessment giant Equifax data breach
In September 2017, Equifax discovered that it had been hacked between May and July, compromising the personal information of 143 million users, nearly half of the United States. The private information put at risk included names, Social Security numbers, U.S. ID numbers, addresses, driver's license numbers, Social Security account numbers, etc. It also included the credit card numbers of 209,000 people and the personal tax credit files of 182,000 people. At the time, it was one of the largest and most devastating data breaches in history. Equifax's stock price plummeted within a day of the incident being announced, and the company faced $439 million in legal, remedial, insurance and investigative costs. Equifax's CEO, CSO (Chief Security Officer) and CIO (Chief Information Officer) announced their retirement immediately after the incident.
Restaurant chain Sonic Drive-In was attacked
In September 2017, Sonic Drive-In discovered unusual activity at its credit card processor, likely caused by malware installed on one or more point-of-sale terminals. The malware targeted customers' credit card information. In the United States, 325 of the 3,600 chain stores were hit by a malware attack that lasted 6 months, and 5 million credit cards were sold on the market. Sonic Drive-In paid $4.3 million in legal damages as a result.
Uber was hacked and user information was stolen
At the end of 2016, hackers obtained the personal data of tens of millions of Uber users and drivers by stealing Uber’s AWS instance credentials. The personal identity information of 57 million people was stolen, including phone numbers, email addresses, names, etc. In addition, the driver's license numbers of 607,000 drivers were stolen. Uber ultimately paid a $148 million legal settlement.
Two data breaches at Yahoo!
In 2016, Yahoo! announced two data breaches: one in September that compromised more than 500 million account holders, and another in December that affected more than 1 billion account holders. The leaked information was collected between 2014 and December 2016. Information stolen by hackers includes usernames, email addresses, phone numbers, birthdays, passwords, and security questions and answers. Yahoo! spent more than $95 million in remediation and legal fees and was fined an additional $35 million for failing to promptly disclose the hack to investors. Due to irregularities, Verizon acquired Yahoo! for $350 million less than the original offer.
The workplace social software LinkedIn was hacked
In 2016, a Russian hacker named Peace sold LinkedIn user information on the dark web. There were 167 million records in total, 117 million of which included account numbers. The data was sold for 5 Bitcoins, which at the time was approximately $2,200. Peace said the data originated from an attack in 2012, when Peace hacked LinkedIn and sold information on more than 6 million LinkedIn accounts online.
Which company is the worst to be caught in a data breach?
Enlightenment of data breaches
Anshu Network discovered some characteristics from the above data
*The author of this article: An Shujun, reproduced from FreeBuf.COM