By Jack Foster
Data is one of today’s most important commodities. It was not many years ago when the question as to how to protect personal data was met by shredding any documents that contained important information. With today’s interconnectivity, many companies, sometimes without our knowledge, are storing important personal data.
We are often being told to change our computer passwords and that is very good advice. Regularly changing passwords on your computer, web sites, and apps that you provide with information helps to reduce the risk of your information being made available – but make sure that your password list is not accessible.
However, websites that you visit will still collect information about you. One affordable solution to this is the use of virtual private networks (VPNs). For a small fee, this software allows surfing with privacy and anonymity. VPNs help protect your devices, but what about the companies that collect and store your information? It would surely be very embarrassing if they were not able to hold your information securely. Well, here is a list of the top 10 most embarrassing data breaches.
1. Heartbleed Encryption Bug
The Heartbleed bug makes passwords that are stored and protected by SSL/TLS encryption vulnerable. This bug remained undetected for nearly two years. It was not until the security firm Synopsis discovered and announced the existence of this bug that had affected a massive number of sites. Amazon, WordPress, Tumblr, Pinterest, Airbnb, and Reddit found it was necessary to fix their copy of OpenSSL to rectify the problem.
Users on each site needed to change their passwords; operating systems like Android 4.1.1 were vulnerable, too. So serious was the problem that The Core Infrastructure Initiative, a multi-million dollar initiative funded by Microsoft, Facebook, Google, Amazon, and Dell was set up to combat similar encryption bugs.
Although not discovered until 2016, in 2013 an unauthorized person managed to access the Yahoo database and gain access to one billion users’ information. They were able to access names, addresses, telephone numbers, dates of birth, and even passwords. In 2014, just a year into the breach, details of 500 million users were potentially available.
3. TJX Stores
In 2003, a hacker stole the data of 45.7 million customers from TJX stores. The data included information regarding customers’ credit and debit cards. Apparently, the store’s wireless network security was so poor that the hacker only had to sit right outside to access the network. When he had access, he was able to record credit card information as the store transmitted the data.
Not satisfied with the information he found, he was able to back track to the company database where he found 45.7 million credit card numbers in an unencrypted file. Once downloaded, it was then a simple matter of using the numbers to buy gift cards and sellable goods.
4. Heartland Payment Systems
In 2008, hackers managed to plant software into this payment processing company’s computer system. The software gave hackers the data of 130 million credit and debit cards as 250,000 companies across America transmitted the information.
5. Sony Online Entertainment Services
This network links online game consoles and multiplayer PC games as well as video and music streaming. The hackers managed to gain access to the data of 102 million users’ names, addresses, and log on details. This resulted in the service being offline worldwide for three weeks.
Anthem is America’s second largest health insurer. In 2015, a database containing personal information such as names, dates of birth, and social security numbers of up to 80 million users became accessible.
Hackers were able to gain access to the point-of-sale terminals of this major retailer. The attack took place at the time when 70 million shoppers were taking a part in Black Friday. Although they accessed customer details, the financial implications are not clear; Target did announce that no customer would be affected out-of-pocket because of the theft.
Adobe, a computer software company, announced that it suffered a hacking attack that made the personal information of at least 38 million customers vulnerable. The company advised those affected and offered them a years’ worth of a free credit monitoring service.
9. Home Depot
Hackers stole 56 million credit card and debit card details from Home Depot by using stolen vendor login information. Entering into the company system, they were able to install software to collect the data. The cost to the company was potentially $194 for each customer record stolen.
10. Hertfordshire County Council
Whilst the data breach at Hertfordshire County Council did not involve many people, or involve huge amounts of money, it was nonetheless still very embarrassing since no hackers were involved. Employees faxing information to the wrong people caused this data breach. A member of the public received a fax, destined for a legal company containing details of a child that was at the centre of a sensitive abuse case. Another fax again sent to the wrong person detailed information on care proceedings.