It is becoming evermore clear that data breaches remain one of the biggest issues to all organisations across the world.
Despite common beliefs, this is not just for certain types of companies. In recent times, 90% of large organisations and 74% of small businesses have suffered a security breach.
Whichever category you fall into, it’s important to learn the common causes and solutions from the best [well in this case the worst].
In this guide we’ll outline the various types of security breaches, and clearly explain the biggest data breaches of all time [feel free to head straight to the bottom to see a thorough infographic].
You might be wondering:
What does this mean for my organisation?
In view of this, we hope you can apply industry leading practices and protect your information from possible disastrous data breaches.
What is a Data Breach?
Before we move on to describing the various elements that have led to some of the recent data breaches, let’s be clear – what do we mean by data breach?
Data Breach Definition
A modern definition of a data breach constitutes to an incident/ event whereby data is taken without authorisation.
However, this often becomes harder to identify because of the overwhelming variety in methods, and in what is ‘taken’.
Therefore, it is important for companies to understand the various limitations of on-premises hardware, the use of APIs, the manner in which user’s access data, and how they can share it.
We believe that with the modern tools available, users should never be blamed for any data failures, as it is the responsibility of IT to create an infrastructure that monitors and obstructs data leakage.
Depending on the type of industries involved, the type of data in question includes:
- Confidential [this involves financial, national security and more]
In addition, the loss of critical data relating to clients, employees and payments doesn’t just leave your organisation with what may be the almost impossible task to replace it, it also means your business could be put at even greater risk if such data gets into the wrong hands.
Cost of Data Breaches
Like many ‘disasters’ that are experienced by organisations, there are multiple costs – rather than purely financial.
These type of events tend to causes rippling effects to various departments and people of varied seniority. However, the reason for its popularity is that over one-third of companies experienced a significant 20% loss in revenue following a data breach.
In addition, impacts were to:
- Customer base
- Reputation [50% of breached companies faced public scrutiny after a breach]
- Business opportunities
Diving further into this study, it’s crazy to see that on average, 40% of companies that experience a data breach see a fifth of their customers leave. Equally, this means a loss in future business opportunities.
The financial cost of a data breach is $3+ million
As noted above, the financial implications of a successful data breach can be fairly seismic.
Here are some great statistics [averages] that demonstrate the scale of the issue:
- The total cost of data breach of $3.62 million
- There has been a 10% decrease in average total cost
- The is a rough cost of $141 per lost or stolen records
- There has been a 11.4% decrease in the per capita cost
What is interesting about this data is that the average cost, both per capita, and total are decreasing in the last year.
Such that this research, notes the average cost of a data breach [<10,000 records] was $5 million. The reason for such drop is difficult to explain, other than to say that tools like cloud backups have made the means of ransomware less effective.
Recent Data Breaches
The various data breaches in 2017 have been very high profile and therefore, have escalated the common fear for cyber related attacks.
Data Breach 2017
The recent breaches that have caused so much media attention have targeted organisations that hold and require sensitive user data.
Firstly, if you look into the case of the WannaCry ransomware cyber-attack, amongst others, its impact on the NHS reiterated the need to keep in sync with essential software upgrades.
Secondly, you have the 2017 data breach of airports [this has happened previously], whereby user data was inaccessible, thus causing huge delays to flights.
These issues are becoming so frequent, that these type of sites [below] list the data breaches and cyber-attacks that occur on a month by month basis.
If you were to view this from a graphical perspective, you can see that from 2010, there has been a huge uplift in not only the frequency, but the degree of breaches.
Looking beyond 2017, organisations will have to seriously consider new compliance and data policies. Specifically, the changes around GDPR [General Data Protection Regulation] will be a priority for data-led industries.
Biggest Data Breaches to Date
While there may be a desire in which to collate all the various events into a singular ‘data breaches list’ – it is equally noteworthy to understand the various causes.
Largest Data Breaches
With all that said, we have collated together 10 of the largest data breaches of recent times and how they arose.
Interestingly, some of the most impactful occurrences never saw mainstream attention, while other, more recoverable ‘hacks’ were viewed as ‘major data breaches’.
But here’s the kicker:
Invaluable corporate data can be lost and leaked through all manner of means, ranging from configuration errors and accidental publication to lost or stolen computers and media and good old-fashioned hacking.
Nor is there exactly any limit to the breadth of sectors that are at risk, with the last few years alone having seen high-profile security breaches for such organisations as Anthem, MySpace, eBay, JP Morgan Chase and AOL.
Without further or do, here are 10 important data breach examples:
Yahoo has been the subject of intense scrutiny in the past 5 years with regards to data security.
They experienced a series of three core ‘hacks’ which totalled around 1.5 billion users, one of the largest in history.
Such is the nature with many of these events, the extent of the breach was only revealed significantly later. In this case, an original 500 million user caper was overlooked only after a prior 1 billion breach was later found.
Using the same cookie-based process, a further 32 million accounts were then revealed by means of forging access without a password.
Besides the enormous inconvenience caused to their customers, the events later led to a reduction in valuation for their Verizon acquisition that recently occurred.
Records lost: 1.5+ billion [Total]
Method of breach: Hack
2. River City Media (RCM)
In the case of RCM, a 1.37 billion database leak revealed email addresses and other personal details [including home addresses].
This data breach exposed the illegal spam operation that occurred in an unprecedented scale.
Records lost: 1.37 billion
Method of break: Leak
3. FriendFinder Networks
While the Ashley Madison hack hit widespread coverage, its 32 million affected people doesn’t come close to the situation of FriendFinder Networks.
As parent company to AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com, its 412 million accounts leaked in 2016 seems far worse.
While all data should be treated with the utmost levels of sensitivity, and be protected in such manner. The subject of this information was viewed as extremely confidential, and therefore breaching such confidence resulted in some substantial payouts.
Records lost: 412 million
Method of breach: Hack
4. Securus Technologies
In this data breach example, an anonymous hacker leaked records of over 70m phone calls, plus links to recordings.
More so, the recording/storing of attorney-client calls potentially violates constitutional protections.
Records lost: 70 million
Method of breach: Hack
LastPass is one of the largest SaaS based password managers and generators. Through browser plug-ins and mobile apps it has become the home to many users most secure details.
While a ‘hack’ of 7 million email addresses and master password would normally create a position on unease. There was still further security procedures that prevented comprising user account details.
As per most of these situations, organisations’ either advise or enforce widespread password updating.
Records lost: 7 million
Method of breach: Hack
6. US Voter Database
When it comes to the digitisation of politics, there is a great fear of data manipulation.
In this case, a database of 191 million US voters was exposed as a result of incorrect configuration.
Records lost: 191 million
Method of breach: Configuration
This was the crazy case of a white-hat hacker, who was able to stumble on a leak of MacKeeper [owned by Kromtech] accounts.
While the data was not payment related, he was able to access: usernames, email addresses and passwords of users.
In his words:
“The data was/is publicly available. No exploits or vulnerabilities involved. [Zeobit and Kromtech] published it to the open web with no attempt at protection.”
The vulnerability was later fixed – but Kromtech were very lucky in the hands the data fell into.
Records lost: 13 million
Method of breach: Leak
When it comes to the protection of children’s data, the laws are expectedly tough. However, they were unable to force Vtech to responsible prevent a hack to their games and learning software.
Whereby the personal information and photos were stolen from 11.6m people, 6.4m were those of children.
“But no company that operates online can provide a 100% guarantee that it won’t be hacked.”
Records lost: 11.6 million
Method of breach: Poor security
9. Sony Pictures
The Sony pictures hack is one of the largest in history when it comes to the amount of data stolen. Whereby, a wide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results.
As well as sensitive internal business documents relating to lay-offs, restructures and executive salaries.
The lead suspects are “North Korean hackers” perhaps related to the Seth Rogen film, “The Interview” which mocks the North Korean dictator, Kim Jong Un.
Records lost: 100 terabytes
Method of breach: Hack
Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs).
Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses.
AntiSec published a million of these UDIDs online.
Records lost: 12 million
Method of breach: Accidentally published
Causes of Data Breaches
The more one learns about the various well-publicised security breaches to have struck even the best thought-of organisations, the clearer it becomes that they can occur through the most unexpected means, in the most unexpected of circumstances and with the most unexpected of consequences.
While new means of hacking are continually being attempted, we think that these 10 causes of data breaches well summarise the different causes.
- Accidentally published
- Configuration error
- Inside job
- Lost / stolen computer
- Lost / stolen media
- Poor security
Data Protection isn’t Well Funded
When looking into why these data breaches occurred, chief security officers admitted that biggest issues to their capability are:
- Budget constraints
- Poor compatibility of systems
- Lack of trained talent
There is also the huge issue of Shadow IT, which has forced some 65% of organisations to use up to 50 security products. While the variety of products may seem beneficial, the issue is that there is a great issue with managing gaps.
Which depending on the use of APIs, could be daily.
Types of Data Breaches by Industry
Quite frankly, every organisation – whether in the academic, banking, financial, government, tech, retail or another sector – has to give serious thought to data security and apply serious measures to match.
Fortunately, this information is beautiful dynamic visualisation allows you to see any of the following industries, and see the different types of data breaches respectfully.
Hopefully this give you a good insight into your industry.
Summary: Assessing the Biggest Data Breaches
As can be seen, the landscape of data breaches is huge both in scope, and variety. Some organisations seem to have not learnt their lessons, while others are still plagued with bad publicity.
What can be taken away from all, is the essential means of not just storing data from a backup friendly approach, but mitigating situations of leaks.
This incredible burden has led people to consider other options, hence being one of the biggest advantages of cloud computing – the ability to secure at scale.
If you feel like you want a high-level round-up, here is a complete infographic:
This post was original posted June 28, 2016. However, it has been updated with more relevant data.