The 10 biggest brand data breaches of the decade
If you’ve ever had a Yahoo account, it’s likely your personal data has been stolen. Breaches in 2013 and 2014 allowed hackers to steal personal information from 3 billion users. In fact, the same thing has happened to some of the world’s biggest brands.
Initially “consumers become more skeptical and cautious” when data breaches occur, says Kellan Terry, a senior communications manager at social media monitoring company Brandwatch. “This may take form as a product or service boycott, or it may cause a major presidential candidate to call for the breaking up of large tech companies.”
However, Terry adds that “most instances of shock and outrage are short-lived. Boycotts rarely last, and consumers’ concerns quickly fade away.”
New pro-consumer privacy laws might make companies take security more seriously. The California Consumer Privacy Protection Act goes into effect at the start of next year and holds brands accountable for any data breaches, allowing consumers to sue them up to $750 for each violation.
Here are the 10 most newsworthy data breaches in the last decade.
In May, it was revealed that a security flaw in Facebook-owned WhatsApp allowed hackers to turn on a phone’s camera and mic, view messages and capture a person’s location—all by placing a call that didn’t even need to be answered. The company confirmed the vulnerability, saying the exploit had all the hallmarks of a state-sponsored attack. It also quickly released a fix, but had to urge its 1.5 billion users to update the app.
Third parties were able to access user profile data for GooglePlus users since 2015. Nearly 500,000 people were affected, exposing leaving details such as full names, emails and places they’ve lived. Consumers and lawmakers criticized Google for knowing about the issue, and fixing it without alerting users, The incident motivated lawmakers seeking stricter consumer privacy standards.
Timing couldn’t have been worse: What then was the biggest data breach occurred at the peak of the holiday shopping season in December 2013. Hackers made off with credit card accounts, PIN numbers and other personal details of 40 million customers. Company CEO Gregg Steinhafel stepped down several months later, marking what some believe is the first time a chief executive from a major corporation resigned as a result of a data breach.
A year after Target’s holiday hack, Home Depot said illicit computer code was installed on its cash registers that allowed hackers to steal the details of more than 56 million credit cards. The breach occurred in April 2014 and continued for several months.
Yahoo holds the title for the largest data breach. The company said in September 2016 that more than 500 million user accounts were exposed in late 2014. That same year, it also said that another, different data breach from 2013 affected roughly one billion of its users. Then, in October 2017, the company said that its entire base of three billion users was compromised. Information such as email addresses, names and phone numbers, were stolen.
The disclosures took place after Verizon said it was acquiring Yahoo for $4.8 billion in July 2016. After the news of the data breach broke, it reduced its price by $350 million.
Marriott International’s incident involved stolen passport numbers. The November 2018 incident is regarded as one of the largest-ever data breaches in internet history. More than 500 million people were affected, but the company recently reduced that number in July of this year to about 383 million.
Earlier this year, Epic Games, maker of Fortnite, said player accounts were compromised after hackers found a security flaw that allowed them to make in-game purchases using credit cards users have on file. The company didn’t disclose how many of its 200 million users were affected.
In 2016, hackers pilfered names, email addresses and phone numbers of some 56 million Uber customers and about 600,000 drivers. The company fell prey to hackers who demanded a $100,000 ransom, a sum it ultimately paid. But instead of reporting the incident, Uber tried covering it up, a move that cost the ride-hailing company $148 million in fines.
Passwords, email addresses, birth dates and home addresses were stolen from more than 145 million eBay users in 2014. Hackers gained access by capturing email passwords, which were then used to infiltrate the company’s security.
Last July, Paige Thompson, a 33-year-old Amazon software engineer, hacked her way into a Capital One server and stole 140,000 Social Security numbers, one million Canadian social insurance numbers, 80,000 bank account numbers, as well as personal information such as home addresses, emails and birthdays. All in, more than 100 million Capital One customers were affected. Thompson, meanwhile, has since pleaded not guilty to the charges and remains behind bars until her scheduled trial in March 2020.