We are living in the advanced age of digital information and things are only going to get weirder from here. Merely a generation ago the idea that we would store all of the information in the world on some untouchable, invisible, digital interface would have been so unlikely as to be laughable. People would have thought you were crazy! That’s not the case, however. Instead, technology is advancing at an unimaginable pace and those that would exploit it are doing their best to keep up. Statistics show that we are living in the most peaceful time in human history. In fact, when was the last time you read about a bank being robbed? Not recently, we bet. Criminals are turning into cyber sleuths and their prized money bags have turned into data. The fear of a data protection breach is so prevalent among companies the world over that many would look for any data protection solution possible. Sometimes nothing helps. As you are about to read, organized hackers get the info they want when they want it. Here are the 8 biggest data breaches of all time.
Target Stores – 2013
We are sure that there is a joke here about how Target made themselves an easy bit of prey for hackers, but we won’t go there. Instead we will talk about how in December of 2013 a group of dedicated hackers made off with over 40 million different debit and credit card numbers. These numbers had been in use at Target facilities all over the country right after Thanksgiving. It took awhile for Target to make a confirmation but eventually they went public with the information that they had. Yes, hackers had managed to infect the card readers sitting at every check out. Yes, your card information was at risk. In January of 2014 things got even worse. Target released a report stating that over 70 million customers had seen their personal information compromised. That personal info included: full names, addresses, phone numbers, and even email accounts. Some reports show a total of 110 million customers being affected by this breach. Truly frightening.
Sony Online – 2011
You may recognize Sony for their work in the personal entertainment industry. Their gaming console, the Playstation, has been integral to the advancement of home entertainment as we know it for the past couple of decades. Users who own a Playstation also have access to Sony’s version of the ‘video game internet’, called Sony Online. Here customers can meet with their friends, share gaming experiences, and do, pretty much, whatever they want. This hub made for the perfect data breach target. Hackers made their way into the private areas of Sony Online before making off with almost 80 million accounts of private user information. Members of Sony Online’s Playstation Network saw their logins, phone numbers, addresses, emails, and real names all exposed to the hackers. Alongside this account breach there were also over 23,000 European users that saw their credit card data lifted. After this disastrous breach Sony essentially turned off the Playstation Network for a period of three weeks. Cleaning up the the aftermath of the breach, as well as handling all of the 65 class action lawsuits that were levied against them, made this data breach cost $171 million dollars. Not a good period for Sony. We would not be surprised to hear that Sony started shopping immediately for better data breach insurance.
Heartland – 2008
The largest data breach of all time occurred in Princeton, New Jersey. Heartland Payment Systems, a large payment processing company, announced that they had seen over 130 million private record exposed to cyber criminals. In this data breach, which is the largest recorded against an American company in the history of the internet, both credit card and debit cards were made available to the hackers. How did the hackers do it? It sounds simple, but that is pretty far from the truth. Malware, which resides on nearly every computer hooked up to the internet, was planted with the credit card data that arrived from their retailers. The fact that Heartland Network worked with over 250,000 businesses in America meant that the effect of the breach was huge. Eventually the perpetrator of the crime was caught. Albert Gonzalez was convicted in 2010. His sentence is the largest sentence in the history of computer crime: 20 years. For Heartland, and the people affected, they probably believe this sentencing to be too light.
CardSystems – 2005
CardSystems Solutions was the victim of another monumental data breach thanks to a group of intelligent and absolutely abhorrent hackers. In 2005 a group of hackers managed to break into the database that CardSystems stored all of their information. Their route in was via an SQL Trojan attack. A Trojan attack consists of bits of malicious code being seeded into a target computer. This code then snags information and feeds it back to the writers of the code. This Trojan attack pulled browser page data every four days and then placed it into a compressed file and shipped it back to the hackers who would then gleefully manipulate the data to their needs. According to reports the hackers gained private names, account numbers, and specific codes to over 40 million different cardholders. Rosetta Jones, a spokeswoman for Visa, reported that CardSystems Solutions was not being compliant in their protection and that their security was not up to snuff. By the end of 2005 CardSystems was no more as they had been bought out by another, bigger, corporation.
Sony Pictures – 2014
If you have a television, the internet, or a passing interest in pop culture then you probably are well aware of Sony’s recent issues with data breaches. The company, Sony Pictures Entertainment, came under fire by North Korea for their role in the production of a film titled The Interview. The Interview is a satirical comedy that openly mocks the reigning leader of North Korea. The Koreans, never proponents of free speech, saw the film as an act of war and threatened Sony with repercussions. Sony still made the film and eventually they would pay for it. A group by the name of Guardians of Peace went on to hack and release gigabytes of internal data from the company. Almost 50,000 people were made vulnerable due to the attack and some of the information released was absolutely abysmal. In Hollywood your private documents are as valuable as cash and suddenly every studio in the business could read their detailed blueprints for how to steer their franchises, which films they want sequels to, and which celebrities they hated working with. The breach was an unmitigated disaster as more and more dirt was dug up. While not the biggest breach Sony endured, this one was far more damaging due to the sensitive nature of the documents.
Home Depot – 2014
In 2014 Home Depot went from blue collar box store darling to the ire of a nation when over 56 million paying cards were compromised. The breach happened in September and the data breach notification didn’t go out until weeks after the initial attack. According to reports a multitude of card readers were infected some time in May of 2014. For the better prat of four months there was malware implanted on these devices that pretended to be antivirus software. This was one of the largest direct attacks on a retailer in the history of the digital age. For whatever reason this story didn’t make as big of a hubbub as some of the other breaches on our list. Chalk that one up to the PR team at Home Depot.
Department of Veteran Affairs – 2006
Some places in the world you just do not believe to be at risk because it would take a depraved person to go after them. In 2006, a depraved person did go after the Department of Veterans Affairs. The breach occurred almost by happenstance, a stroke of luck for an opportunistic hacker. An analyst for the department had their home broken into. Among the thing stolen was a laptop and external hard drive which held the private database. The analyst reported the theft to police immediately but James Nicholson, Secretary of the Veteran Affairs, was not notified for almost two weeks. Nicholson went to the FBI as soon as he was notified of the incidence and things got moving quickly. On June 29, 2006, the stolen items were anonymously returned to the Veteran Affairs office but the damage was already done. To protect and prevent future losses the Department had to spend somewhere between $100 and $500 million dollars.
TJX Companies – 2006
The final breach on our list of privacy disasters is TJX Companies Inc. This breach occurred back in 2006 and it would go on to affect nearly 100 million different credit cards. Amazingly, researchers still do not know how this breach occurred. One of the hypothesized sources of the contamination is rooted in the in-store kiosks that allow people to apply for jobs. Another hypothesis is that hackers took advantage of the weak data encryption system that TJX was employing. In any event, the hacking occurred and TJX and their customers would pay the price. Albert Gonzalez, the same man we listed above, was also behind this hacking as well. While he may enjoy notoriety as one of the most successful hackers of all time, he’ll have to enjoy it from behind bars. Alongside Gonzalez there were 11 other men and women arrested for their parts in the crime.