The amount of cyber attacks and data breaches in recent years is staggering and it’s easy to produce a laundry list of companies that are household names that have been affected.
Here are just a few examples. For the complete list, see our biggest data breaches post.
Equifax
The Equifax cybercrime identity theft event affected approximately 145.5 million U.S. consumers along with 400,000-44 million British residents and 19,000 Canadian residents. Equifax shares dropped 13% in early trading the day after the breach and numerous lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage that Equifax suffered. On July 22, 2019, Equifax agreed to a settlement with the FTC which included a $300 million fund for victim compensation, $175m for states and territories in the agreement, and $100 million in fines.
Learn how to comply with the FTC Safeguards rule >
eBay
Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their passwords. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers, and dates of birth. The breach was disclosed in May 2014, after a month-long investigation by eBay.
Adult Friend Finder
In October 2016, hackers collected 20 years of data on six databases that included names, email addresses, and passwords for The FriendFinder Network. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14.
Yahoo
Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, and forced all affected users to change passwords and to reenter any unencrypted security questions and answers to make them encrypted in the future. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users’ passwords in clear text, payment card data, and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.
While these are a few examples of high-profile data breaches, it’s important to remember that there are even more that never made it to the front page.
