In an ideal world, everybody’s personal data would always be safe and secure 24/7/365. Yet data breaches happen daily and, unfortunately, large companies holding millions of people’s data are often the target of hackers.
There have been many cyber security disasters in the past decade. In the UK alone,
almost half of businesses have been hit by a cyber breach or attack in 2017. There is a chance that you may have even been involved in one yourself.
Our list consists of the companies which have suffered the biggest consequences of cyber breaches and attacks in the UK and the USA.
Read on to see who could’ve been more careful...
1. Yahoo
Date: August 2013
Consequence: 3 billion users affected & $350 million knocked off Yahoo’s value
Details: Yahoo takes the top spot as the most disastrous cyber-attack of all time.
In 2016, while in negotiations with Verizon, Yahoo announced it had been the victim of the biggest data breach in history.It first claimed that the breach affected 1 billion users. Later, it then admitted that it had also suffered a second cyber-attack in 2014, and
500 million people’s data was stolen by hackers. Yahoo also revealed that it thought that both attacks had been carried out by ’
state-sponsored’ attackers.
Only in 2017 has Yahoo announced that 3 times the amount of accounts it previously claimed had been hacked. This meant that all 3 billion of its users were in danger of their sensitive data being used. The breach was detrimental to Yahoo’s worth, as Verizon only paid $4.48 billion for the company – a huge $350 million less than its previous worth.
The once ‘internet giant’ has now significantly shrunk..
2. PSN (PlayStation Network)
Date: April 2011
Consequence: 77 million accounts hacked & $171 million loss
Details: The cyber-attack on PSN was the biggest data breach incident in the gaming community.
Hackers accessed the names, addresses, passwords and credit card details of
12 million of the total 77 million users. Subscribers were only told a week after the initial incident that all their personal details could’ve been accessed by a hacker.
The cyber-attack was found to be ‘preventable’ as Sony should have had up-to-date security software. It was also found that PSN didn’t encrypt its users’ data, which made the breach even worse.
The PlayStation hack was the first occasion which made people think about whether their information was really safe on the internet.
3. Equifax
Date: July 2017
Consequence: 143 million consumers’ personal data hacked & 209,000 consumers’ credit card data exposed
Details: Credit-monitoring company Equifax was hit by a data breach that exposed the social security numbers and other data of roughly 143 million Americans (bearing in mind that the population of America was around 324 million at the time). The US credit company said that the breach happened due to an ‘application vulnerability’ on one of its websites.
Penetration testers and other security researchers found that it would have been simple for an attacker to exploit the flaw and get into the system – meaning Equifax’s cyber security was far from the standard that it should’ve been.
In terms of people affected, Equifax claimed that fewer than 400,000 UK accounts had been hacked. This figure then changed as they later confirmed
15 million UK records were targeted and 683,665 people had their data exposed. This included phone numbers, email addresses, passwords, driving licence numbers and the credit details of around 15,000 customers.
Unfortunately for Equifax, millions of people aren’t going to forget about this one.
4. NHS
Date: May 2017
Consequence: Disruption to NHS trusts across the UK
Details: The cyber-attack carried out on the NHS was due to a computer crypto virus called ‘
WannaCry’. The virus encrypts data on infected computers and demands a ransom payment to allow users access.
No data was leaked but
19,500 medical appointments were cancelled, computers at 600 surgeries locked and five hospitals had to divert their ambulances to go elsewhere. The severity of this attack was down to people’s lives rather than money.
The damage would have been substantially worse had Marcus Hutchins, a security worker, not activated a ‘kill switch’ that prevented future infections from locking even more devices.
The software demanded a ransom to be paid in the cryptocurrency Bitcoin worth $300. This would then allow the users to use a the security key to unlock their maliciously-encrypted drive. More than £100,000 was eventually paid to the hackers, who withdrew the funds in August. The NHS was criticised for allowing the breach to happen, as people thought they could have done more to prevent it with ‘
basic IT security’.
The cyber-attack on the NHS was sorted before the implications became even more serious.
5. Target
Date: December 2013
Consequence: 110 million people in America had their debit/credit details compromised – costing the company $18.5 million
Details: The American giant first claimed that hackers had collected the details of 40 million customers, after gaining access through a third-party
HVAC vender to its payment card readers (used at the point of sale). This estimate increased in January 2014 to 70 million customers, and then eventually the final confirmed number of 110 million customers.
The full names, addresses, email addresses and telephone numbers of the customers were also exposed during the breach.
The atrocity of the breach meant that Target’s CIO and CEO both resigned.
While the company was credited for its security advancements following the attack, it was fined a hefty
$18.5 million. Ouch.
6. UBER
Date: Mid 2016
Consequence: 57 million customers affected worldwide and £75,000 ransom paid to hackers
Details: UK authorities were unaware about the huge data breach that affected the transportation company. Millions of Brits’ details were placed within the hackers’ hands.
The breach mainly affected Americans. However, the transport company still hasn’t actually confirmed the proportion of the British public who have had their details accessed.
The hackers demanded a ransom of
£75,000 to delete the data and keep quiet about the security breach. Instead of admitting that the company had suffered a cyber-attack, it named it a ‘bug bounty’ and claimed it had paid hackers to test the strength of the security software.
This cyber-attack is one which we are still waiting to find out the full impact of…
7. Wonga
Date: April 2017
Consequence: 245,000 UK customers affected
Detail: The breach to the payday loan firm was considered one of the worst data breaches to happen in the UK – affecting nearly
245,000 customers. The sensitive data accessed by hackers included names, email addresses, home addresses, phone numbers, bank account numbers and sort codes.
Wonga was another one which kept quiet about the breach until it realised the seriousness of the situation. It took a whole week for the company to finally inform its customers that they could have been affected.
While Yahoo was the biggest breach of UK data, Wonga is believed to be one of the biggest involving a breach of financial information.
It has not yet been fined. But we’re betting it will, given what happened to others in our top 10.
8. eBay
Date: May 2014
Consequence: 145 million users affected
Details: The hackers gained access through the company’s employees through a phishing email. They managed to go unnoticed by the company for 229 days, slowly collecting information.
They managed to steal sensitive information including eBay users’ names, addresses, email addresses, phone numbers and dates of birth. Luckily – a silver lining in a bad situation – the users’ credit card details were stored separately. It was one of the biggest cyber-attacks in the retail industry experienced by British customers. The company urged customers to change their passwords to stay protected from the online criminals.
As a result,
eBay was fined £500,000 for the breach of data.
9. LinkedIn
Date: 2012 (but only revealed in 2016)
Consequence: 117 million LinkedIn emails and passwords
Details: The hacker was found to be an online Russian criminal who goes by the name of ‘Peace’ – ironic.
At the time of writing this article, he’s still selling the stolen data on the dark web. The hacked-data search engine LeakedSource also claims to have users’ details. In total, the hacker and the search engine claim that there are
167 million accounts in the hacked database. Of those, around 117 million have both emails and passwords.
The attack on LinkedIn proves that no platform is safe from hackers.
10. Ashley Madison
Date: August 2015
Consequence: Leaked account details of 32 million users and a lot of broken marriages
Details: Ashley Madison is the sister dating site of Avid Life Media (now re-branded ‘Ruby Life’). It has a similar layout to a dating website, but specifically caters for married individuals who want to have an affair.
The website was the target for hackers who had two incentives. It’s thought that they were against Ashley Madison’s mission to arrange affairs for married individuals, and were against the fact that users had to pay $19 to have their data deleted.
The hackers leaked the email addresses of 32 million users. Many of them were also blackmailed by the hacker, ‘Mr X’, who demanded that they pay
$1000 worth of Bitcoins in order to have their subscription kept secret.
Avid Life Media offered a bounty of
$500,000 dollars to reveal the hacker. They haven’t yet been revealed, but there is a theory that it was a former female employee.
It seems this hacker had both moral and financial incentives. The breach proves that everyone needs to be aware that their data may not stay hidden – even when they most want it to.
Unfortunately, data breaches have become a daily occurrence, proving that no business is safe. The companies which made this list are well-known and large enterprises; however, smaller businesses can also easily be subject to a cyber-attack.
The new GDPR legislation, which will be enforced from 2018, should make firms tighten up their security checks, so hopefully our personal data will become more secure.
Get in touch with our friendly team to find out how we could help you with your cyber security.