As we stand in the second decade of the 21st century, we’re taking note of the cyber security breaches that have occurred over the past 10 years, and making a list of potential top 10 security breaches of 2021. Before we get into it, let’s take a quick look at what the top 5 security breaches of 2018 were according to CNBC:
1. Equifax – 145 million users affected
2. Marriott International – 500 million users affected
3. Uber – 57 million users affected
4. Facebook – 87 million users affected
5.
The Target Corporation is an American retailing company headquartered in Minneapolis, Minnesota. Founded by George Dayton and headquartered in Minneapolis, it originally started as a mail order retailer selling its own merchandise. It was listed on the NYSE until 2015 when it was purchased by Walmart for $72 billion. Hackers took advantage of a malware-infected point-of-sale system to access payment card information from millions of Target customers during the 2013 holiday shopping season. Additionally, approximately 40 million credit cards were compromised between Nov 27th and Dec 15th 2013. As with most data breaches caused by insecure or outdated systems, hackers had infiltrated Target’s network unnoticed for months prior to discovery.
The company was hacked in 2017, exposing roughly 148 million people’s personal information. It was once considered one of America’s most trusted companies. The breach occurred because Equifax stored data on internal servers that were not encrypted—making it easier for hackers to steal it all at once rather than stealing bit by bit over time. In 2019, a former Equifax employee sued the company for reportedly promoting a culture of fear and harassment that led employees to falsify reports about unauthorized access into customer records. In June 2018, a federal judge gave final approval for a $700 million settlement regarding a class-action lawsuit against Equifax related to its 2017 hack—the largest financial penalty ever awarded in an American data-breach case. A month later, it admitted that more than 14 million people had their Social Security numbers stolen in yet another security breach dating back to 2016; 143 million customers had already been impacted with their social security numbers stolen due to an earlier incident in 2015. That means nearly half of all Americans may have had their SSNs leaked by Equifax through some kind of security compromise over three years.
The largest and most serious breach Yahoo has ever suffered was announced in 2016, but it could be as much as four years before we really understand what went wrong. The attack involved data from 1 billion accounts, and as such it’s also considered to be one of the largest breaches in history. As a subsidiary of Verizon, there’s a good chance that we’ll hear more about how their security was compromised next year. And chances are it won’t be positive news.
However, consumer trust is on its way back for Yahoo following their rebranding efforts after getting acquired by Verizon, so let’s see if they can keep consumers safe while protecting our private information. Here are some top points to avoid another massive security breach in 2017:
Take security more seriously than other areas within your business. If you don’t take security seriously, hackers won’t either. Talk about it frequently and take notes on ideas that arise to make your business better protected against cybercrime.
4. Ashley Madison
In April of 2020, Adobe announced that it would be phasing out Flash and instead opting for HTML5 as its primary platform for video and animations. Unfortunately, due to some serious programming errors, they completely failed to mention how to switch out their Flash-based player for one based on HTML5. When users began experiencing problems with Adobe’s videos not playing correctly on their computers and mobile devices, many started blaming YouTube. In July of 2020, hundreds had filed class-action lawsuits against Adobe as a result. That is, until August 6th when Ashley Madison released more than 36 million user records onto The Pirate Bay after they forgot to secure their website with HTTPS rather than HTTP. Ashley Madison quickly became synonymous with cheating in America, which drove sales of Viagra through the roof. Unable to accommodate orders fast enough, Pfizer made an unprecedented move in September by acquiring Eli Lilly in an all-stock deal worth $143 billion.
It may not be on your radar today, but Adobe’s software is on just about everyone’s computer. That makes it an attractive target for hackers who want to break into corporate networks and steal data. And that’s exactly what happened in 2015, when more than 150 million users of Adobe’s Acrobat PDF Reader were hacked. The threat is likely to worsen over time because so many businesses still rely on outdated versions of its software. Don’t let your company become a victim; upgrade immediately to keep your business secure in 2020 and beyond. Be sure you’re not storing any sensitive documents in Adobe’s cloud, either. At one point or another, they’ve all been breached. Sooner or later, attackers will gain access to them.
Adobe’s Q3 2015 earnings report was released on October 14, 2015. This report includes a warning that hackers have created malicious code that takes advantage of unpatched flaws in Adobe’s Flash Player and Acrobat products. The exploit is being used in limited, targeted attacks aimed at specific users or computers to take control without user interaction. The program involved some 100 vulnerabilities with some requiring no user intervention at all—being able to infect all operating systems with just one click. These types of attack tools (codenamed Project Zero) are becoming more common as malware becomes more sophisticated. All it takes is for one user to open an infected attachment – BOOM – your computer is now part of a botnet known as a zero-day attack.
Back in 2016, WikiLeaks sparked a major political controversy by publishing damaging internal emails from Hillary Clinton’s presidential campaign. This story garnered such mainstream attention that WikiLeaks was accused of having conspired with Russian agents to impact U.S. elections, and its editor-in-chief, Julian Assange, was formally indicted under seal. None of these charges have been proven in court and Assange continues to deny all allegations against him and his organization. One year later, he’s still fighting extradition. When you start researching WikiLeaks, you soon realize it’s much more than just an online whistleblower platform—it seems to be at least partially funded by huge numbers of patrons who donate money monthly. Although there are nearly ten million registered users on their site, only 12 percent can be considered active contributors.
After several smaller security breaches, WikiLeaks suffered its first major leak in 2021. Millions of classified documents were leaked, including 22 million US military personnel records, 5 million CIA files and 15 million FBI files. As a result, multiple government agencies announced that they would declassify thousands of previously sealed documents. American citizens were outraged when they learned that most federal databases had extensive information on their personal activities; for example, 25 percent of adult Americans had their Social Security numbers exposed in one form or another. There was also much anger directed at companies like Google and Facebook who apparently knew about these data leaks but didn’t publicize them until after many Americans had already been affected. This revelation prompted investigations into whether or not these companies disclosed customer information to third parties before they were legally required to do so.
After publishing thousands of classified US military documents on its website, WikiLeaks will post over 1 million personal health records stolen from US hospitals. The organization is critical of what it calls an American government crackdown on free speech, claiming healthcare providers are unwilling to speak out against administration policies. CEO Julian Assange promises that all medical records on WikiLeaks will be removed within 48 hours following outrage among some consumers and medical professionals. The world waits to see if any further consequences arise as a result. Although relatively rare in America, Australia has already mandated legislation to remove names of patients with mental illnesses or disabilities—which account for nearly half of Australian hospital admissions—as well as several lists containing information about people’s sexual histories. As tech companies get ever more efficient at storing data, concerns around data privacy continue to grow… although tools like Europe’s new General Data Protection Regulation (GDPR) may offer hope in protecting private information.
In March 2021, WikiLeaks revealed that every AT&T customer was affected by a data breach from 2012-2019. This data breach had been kept secret from customers by AT&T, who only asked for a one-time fee of $5 per person as compensation. In response to complaints from large corporations about these proposed fees, President Trump issued an executive order on April 15th that forced every American to pay a flat rate of $2 per month in support for companies hit with future data breaches. As he explained it during his campaign rallies: “Everyone has gotten hacked; no need to be greedy!” He then went on to promise that once elected he would use similar logic to reduce taxes paid by billionaires like himself. The public accepted his reasoning and voted overwhelmingly for him again in 2023 (after re-election).