Top 5 Largest Data Breaches of All Time5
Data breaches are a huge concern for a company of any size, but let’s take a moment to explore and perhaps appreciate the 5 largest data breaches of all time. Later, we will talk about what types of data breaches you should be concerned about as a small to medium-sized business and what Sadoff can do to help.
What Are the Largest Data Breaches of All Time?
It’s likely not a surprise that these have all happened to massive companies with massive amounts of data. You’ll also notice that all five of these companies were able to financially recover from these disasters, though some did suffer significant harm to their reputations and lasting damage to their bottom lines as a result. Let’s get into it.
Read More: Should You Risk Data Destruction In-house?
Do you remember Yahoo!? They used to be one of the biggest names in search and they have managed to survive in many spaces of the Internet including news. In 2017, Yahoo! actually became a part of Verizon Media. Before that though, they were the source of the single largest data breach in history.
From 2013 to 2016, Yahoo! was the target of hacking attacks on their databases through backdoors stolen backups, and access cookies which allowed them to steal records from a total of over 3 billion users.
Much of this data included what’s generally referred to as PII or personally identifiable information. It’s information like this that can be used to steal identities. The company was fined $35 million and was subject to a total of 41 class-action lawsuits. Considering the company’s slow response time and failure to disclose information on the attacks, they got off easy.
2. First American Financial Corp.
In May of 2019, First American Financial Corp’s poor data security resulted in the leak of 885 million file records. Basically, people could access private information without following any verification or authentication procedures.
The financial company also logged all their records in sequential order. This may seem logical, but it also means that just changing the number in the URL allowed people to view records from other customers making this an easy hack to complete. Fortunately, none of the compromised data is known to be exploited. Even so, the potential for exploitation was huge.
It’s no surprise that a social media company is on this list. Spoiler alert, there will be one more before this list is through. In April of 2021, hackers posted the identities of 700 million people on the LinkedIn platform. Considering that the platform was home to 750 million uses at the time, that’s a staggering amount. Most of this information was already publicly available through the platform, but the platform allowed itself to be scraped making the data more readily accessible and exploitable en masse.
In April of 2021, 530 million facebook users were exposed. This leak had all the usual PII. This is far from their first data breach. Go back a few more years and you have the infamous Cambridge Analytica breach which had 50-90 million users exposed. For this breach, the FTC came down hard and issued a historic $5 billion fine for facebook’s poor data protection practices.
One of the largest tech companies in the world, Microsoft has long been the target of data breaches. In January 2021, they had their worst data breach on record. This attack focused on the Microsoft Exchange email servers.
For a total of three months, hackers had access to the corporate email servers of some 60,000 companies worldwide. Unfortunately, since this hack involved an on-premise locally managed system, a fix to it required the businesses to enact an update themselves. This left many companies vulnerable for some time even after the solution was discovered. To Microsoft’s credit, they were fast to act once the situation was uncovered.
What Type of Data Breach Should Small to Medium Sized Companies Be Concerned About?
If you are a small to medium-sized business then you need to watch all fronts. One front that isn’t often the cause of huge breaches like those above, but can still drown a small or medium-sized business is a physical theft of data. To help prevent that, you have to ensure chain of custody on all devices that contain data and you should destroy that data as soon as it hits the end of its life cycle. You can count on Sadoff for all your data destruction needs.
Categorized in: Data Security