It was recently revealed that hackers in the US managed to extort over $1m from the University of California, San Francisco – an institution currently working to find a cure for Coronavirus. Additionally, Easyjet recently admitted that it fell victim to a cyberattack in January where the information of over nine million customers was obtained – including the credit card information of over 2,200 people.
The two examples above show just how costly and damaging cyberattacks can be to different types of organisations.
What are the biggest cyberbreaches of all time (so far)?
Possibly the biggest data breaches in history occurred in 2013 and 2014. These two breaches were believed to have been carried out by “state-sponsored actors,” and compromised the accounts of three billion users. Data that was obtained included real names, email addresses, dates of birth, telephone numbers, passwords, and security questions/answers. It was estimated that these breaches reduced the value of the company by $350million (when it was acquired by Verizon).
Occurring in early 2020, this breach, on China’s equivalent to Twitter, saw details of 538million user accounts posted for sale on the dark web. Data included real names, usernames, gender, location, and some phone numbers. Password data was not obtained by the hackers, however.
Adult Friend Finder
A particularly sensitive breach due to the adult-oriented nature of several of its websites/hook-up services, this breach in 2016 impacted over 400million accounts. The data that was stolen covered 20 years’ worth of information spanning six different databases and included real names, usernames, email addresses, and passwords.
Impacting an estimated 500million customers, and believed to have taken place between 2014 and 2018, the data stolen in this case included contact information, passport numbers, travel information, other personal details, together with the credit card numbers and expiry dates of 100 million clients. This breach was alleged to have been carried out by a Chinese intelligence group.
In 2016, details of 360 million user accounts were put up for sale on the dark web market and also made available on Leaksource. According to MySpace, the lost data included email addresses, passwords, and usernames for some accounts that were created on the old MySpace platform prior to 2013.
Occurring between May and July 2017, and blamed on an application vulnerability on one of its websites, this breach exposed the details of almost 150 million customers. The data exposed included Social Security numbers, birthdates, addresses, drivers’ license numbers, and credit card details (of 200,000 users).
Back in May 2014, eBay fell victim to a cyberattack that exposed some details of all 145million of its users. The data that the hackers obtained included names, addresses, dates of birth, and some encrypted passwords. Credit card data, however, was not compromised as this was stored on a separate system.
Heartland Payment Systems
Responsible for processing 100 million payments per month at that time, Heartland fell victim to a SQL injection attack which resulted in 134 million credit cards being exposed. The breach was discovered when Visa and Mastercard made Heartland aware of a number of suspicious transactions. The breach was carried out by an international organisation – and a Cuban American, Albert Gonzalez, was sentenced to 20 years in federal prison for his involvement.
Ways to protect your organisation against cybercriminals / hackers?
All organisations are vulnerable to attacks but there are several steps that can be taken to reduce the risk. The main ones include: using multi-factor authentication, making sure firewalls and anti-virus software is kept up-to-date, restricting access/permissions, using application whitelists, ensuring strong password protocols, segregation and encryption of data, not using public Wi-Fi, and being extra careful about opening emails.