07th April 2016
The World's Worst Ever Data Breaches
Internet data isn't just a collection of code that makes the web spin, but as the internet has grown and our reliance, dependence and use of online technology has grown, we find ourselves putting more valuable data online. This is great as it means all our data is accessible from all over the world, but it also means that if the data were to be hacked or fall into the wrong hands, the consequences could be awful. The recent Panama Papers scandal is just another example of how even the biggest corporations and banks can be victims of cyber crime, leaking millions of valuable documents.
Although internet security software and protocols have improved over the years, some big data breaches have occurred which have costs companies millions, sometimes billions worth of money.
Here are the world's worst ever data breaches.
Is my Data Secure Online?
Over the course of a month, the average person spends over 60 hours on the internet, visiting 89 websites, logging into various sites 57 times. We happily give our personal information to companies, apps, websites and online stores assuming that they will take care of our data and handle it securely and responsibly. Unfortunately this isn’t always the case, and despite companies best efforts, putting time and resources into internet security and data protection, there are hacking groups that are capable of breaking down even the most complex encryptions and the most secure sites.
Whether the data breach results in financial data being lost or personal information and pictures, the impact can be hugely devastating to both companies and the general public.
2016: The Panama Papers
The Panama scandal is by far the biggest data breach we’ve seen so far with over 11.5m documents being stolen (roughly 2.5TB of data) including:
4.8m emails, 3m database files, 2.1m PDFs, 1.1m pictures/images, 320,000 text files – that’s a lot of data!
11.5 million documents including private accounts of the clients of Panamanian law firm, Mossack Fonseca were breached. Mossack Fonseca are responsible for administering offshore firms and providing ‘wealth management services’ (which many consider just to be tax avoidance schemes) to the mega-rich, including politicians, celebrities and CEOs.
The culprit is unknown and has demanded total anonymity whilst offering large amounts of data including documents data from the ‘70s that have been stolen from Mossack Fonseca. This data breach was huge. For more information on the Panama scandal, read our article here.
2014: Sony Pictures vs North Korea
This is one of the most high-profile corporation vs country scanrios in world history.
Sony were hacked on a massive scale losing 10 million records, potentially leaking every single piece of data that the company held. Data leaked included employee personal data, social security numbers, company salary information, unreleased scripts of future features, unreleased movies and classified documents.
Leading suspects are hackers based in North Korea who are most likely seeking revenge for the Sony movie, The Interview, which mocks North Korean leader Kim Jong Un.
Breach rating: 2/5
2004-2012: The Colossal Credit Card Caper
Going on for almost an entire decade, this data breach was another huge loss of information, with approximately 160 million bank accounts being affected. That companies that were targeted include some huge names such as 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Visa and more!
Over the course of eight years, a hacking group targeted banks, payment processors and chain stores, stealing over 160 million credit and debit card numbers along with the details of 800,00 bank accounts.
A Russian hacking ring was found guilty of stealing the data and then selling it to resellers around the world. They allegedly charged $10-50 per stolen credit card.
This breach could’ve cost the people affected millions, maybe billions of dollars. Breach rating: 5/5
2012: Apple vs Antisec
This breach followed a very simple data trail: a user installs a BlueToad app, the app then requests device ID which then sent unencrypted data to BlueToad. The data was stored unsecurely and was then hacked and distributed. Sounds simple enough.
Despite AntiSec’s claims of hacking an FBI laptop, the breach was caused by BlueToad, an app developer. BlueToad sent unencrypted user data from their apps, which is a massive violation of data security practices.
What Was Leaked?
In addition to leaking device IDs, BlueToad’s apps potentially leaked user’s names ZIP and postal codes and email addresses.
BlueToad have since updated their security code. Breach rating 2/5
2014-2015: Unsecure Uber
This breach spanned a few months – 290 days in fact- across 2014 and 2015. On the 13th of May 2014, Uber were breached but the breach wasn’t detected until 4 months after on September 17th. The breach was then announced on 27th February 2015.
Uber discovered that one of their databases had been accessed by an unauthorised third party. Although only breached, the hacker (or hackers) gained access to 500,000 drivers’ details. Uber then failed to notify the affected motorists for almost a year.
What Happened Next?
Uber were fined $20,000 and offered drivers that were affected a free one-year membership to an identity-motoring service.
The lack of communication between Uber and their customers was very poor. 1/5 breach rating.
2015: The Extra Marital Affair
This was a data breach that didn’t just have the potential to impact people’s bank accounts and shopping habits, people their marriages too. 37 million people were affected by the Ashley Madison data breach with credit card details, user home and email addresses, phone numbers, and other classified documents being stolen.
Extra marital affairs networking site, Ashely Madison (a dating site aimed towards married people and those in a relationship) suffered a massive 9.7BG data leak, which contained high sensitive user data, even though it was thoroughly encrypted.
Hacking group ‘Impact Team’ claimed responsibility and even threatened Ashley Madison before the breach took place. They demanded that Ashley Madison shut the site down, but they refused and as a result, they paid the price and their data was stolen.
Breach rating: 4/5
2013: Adobe Photoshock!
The Adobe data had an effect on 150 million accounts. The data that was leaked included user IDs, encrypted passwords, personal data, credit and debit card details and classified documents.
Hackers gained access to a huge cache of Adobe’s customer details. The initial estimation of users affected was said to be 38 million, although a few years on, the number of impacted users is estimated to be closer to 150 million.
The culprit was never officially identified. The security blogger Brian Krebs was the first to report the breach after a file dump was uploaded to a hacking forum.
Adobe is a huge technology company and their software is used all over the world, and users are still being affected by compromised emails today. Breach rating: 5/5
2011: PlayStation Notwork
Another Sony breach, the third one of the year… 2011 wasn’t a good year for Sony with their factory being damaged by an earthquake, Sony Pictures being hacked, Sony Online Entertainment being hacked and the PlayStation Network too – their security really did need improving!
The PlayStation Network breach resulted in the loss of 76 million PSN and Qriocity user account details. The resulting outrage and backlash lasted 23 days and cost Sony around $171 million!
Hacking collective Lulzsec, a splinter group of the group Anonymous claimed responsibility for the breach in retaliation over Sony’s legal action against the PS3 jail-breaker, George Hotz.
Breach rating: 1/5
This story is particularly controversial as it was an inside job...
An IT contractor employed by the firm used his security access to copy 2,000,000 customer names, addresses and bank details.
A Vodafone spokesperson said “this attack could only be carried with high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company.”
It’s fair to say that Vodafone won’t be using their services again. Breach rating: 3/5
2013: Global Surveillance / Snowden
This data breach affected people from all over the world. It’s estimated that 15,000 Australian intelligence files, 58,000 British intelligence and 1.7m American intelligence files were compromised and stolen.
A leaked cache of top secret documents shed light on several multi-national treaties signed in the name of global surveillance.
Edward Snowden. He’s an ex-NSA contractor, and leaked the files whilst work at Booz Allen Hamilton, a large contractor for defence and intelligence in the USA.
This breach influenced world security. Breach rating: 5/5
2014: G20 Leak
It’s not known how many people were affected by this breach, but it’s safe to say that the breach was pretty big news.
The personal details of world leaders at the first G20 meeting were sent in a plain text email from the Australian immigration department to the organisers of the Asian Cup football tournament.
Despite the potential security implications, there was no criminal or suspicious activity involved with this leak – it was simply the result of an employee accidentally emailing the wrong person. We’ve all done it…
World leaders were involved, that’s a big mistake to make! Breach rating: 5/5