The 3 Biggest Data Breaches
Data breaches can happen to anyone, any time. How a company responds to these breaches is important for its customers’ privacy and the company’s reputation. What are some of the world’s biggest data breaches? Yahoo, Equifax, and Uber. What happened?
Yahoo had some data breaches in 2013 and 2014 but did not report it until 2016, where they said over 1 billion user accounts were hacked. Later on, in 2017, they came out and admitted it was 3 billion user accounts that had been hacked. The data breaches consisted of user account details, including email addresses, passwords, telephone numbers, dates of birth, and even security question answers. After disclosing the breach that happened in 2014 (where 500 million users were affected) to the public in 2016, it took Yahoo a few months to recognize the breach in 2013 that affected 1 billion user accounts. Then it took them another year to finally admit it had been 3 billion user accounts.
What does this mean for Yahoo? Well at the time, they were working on a purchasing deal with Verizon. When Verizon found out, they lowered their offer for Yahoo by $350 million. Then Yahoo got hit with 43 class-action lawsuits.
What did Yahoo do when it found out some user accounts were hacked? An investigation shows that they contacted those users who they thought were breached, and that was it. They failed to investigate further, which made them unaware of the 2013 breach for quite a while. What they should have done was properly investigate the first sign of a breach so they could protect its users. They did not do this, so their users’ data probably ended up on the black market for anyone to buy.
Even if there was a small incident of a breach, the company needs to investigate it further to see if anyone or anything else was compromised.
The Equifax data breach happened mid-May in 2017. Shortly after it was discovered, it was disclosed to the public in September of 2017, a lot sooner compared to Yahoo’s data breach. 147.9 million US Equifax consumers were affected by this data breach. Hackers discovered a way to hack into their database and gained access to users’ social security numbers, birth dates, driver’s license numbers, addresses, and other personally identifiable information. Two hundred, nine thousand consumers had their credit card information exposed too.
This breach, while not as many users were affected compared to Yahoo’s data breach, was the result of failed security practices on Equifax’s end. The U.S. General Accounting Office investigated the breach and found that the company failed to use well-known security practices and did not have internal controls or routine security reviews. The attackers exploited the vulnerability in software on their server that the company did not patch.
The Equifax data breach resulted in the CEO, CIO, and CSO resigning, along with the company’s stock dropping. The breach ended up making California, and some other states, to pass stricter data protection laws.
Uber, the popular car taxi service, had a data breach in 2016 that was disclosed in 2017. Uber found out in late 2016 that hackers got the names, email addresses, and phone numbers of their consumers. This included 57 million Uber app users that got hacked, along with 600,000 Uber driver’s license numbers from its drivers. The hackers went through Uber’s GitHub account and found credentials to hack Uber’s Amazon Web Services account. Uber found out when the hackers demanded money so they would delete their data copy. Uber went public a year later about this data breach.
Uber’s valuation was $68 billion before the breach, and as they were trying to sell a stake to Softbank, their valuation had dropped in December down to $48 billion. Most of the drop was due to the data breach, but some of it was from other causes. Uber’s CEO, director of security and law enforcement, and CSO ended up being fired. The settlement after the breach ended up being $148 million. This data breach cost Uber dearly, which goes to show if you store data on a cloud, make sure it is secure and do not store data that is not necessary.
Consequences of Data Breaches
When a company experiences a data breach, they lose money, customers, have legal issues, lose their reputation status, and the investigation can interrupt their normal operations. Companies need to secure their information better and protect their consumers from these hacks.
If you have been a victim of a data breach due to a company’s negligence, your data in out there on the internet for anyone to buy and sell. This can mean accounts opened in your name, financial data exposed, and more. Use a service like Wiperts.com to get your personal data removed online. They also regularly monitor your data and remove it if and when it pops back up again.