Big business hacks and ransomware attacks have been making headlines regularly of late, especially given the added stress that the pandemic has put on cybersecurity. However, they are not a new phenomenon.
Since 2010, over 38 billion records have been exposed in data breaches. That’s a staggering amount of information!
While the majority of cyberattacks actually focus on small businesses over giant corporations, it’s typically only the biggest, most far-reaching hacks that make national news.
10 high profile hacks from the past decade
1. Equifax
In 2017, Equifax reported that they suffered a cyberattack that affected 147 million consumers. That’s more than half of all Americans! It was one of the largest business hacks in history, and criminals were able to access Social Security numbers, credit card numbers, and more.
To make matters worse, an investigation revealed that the company knew that its system contained a vulnerability that could be exploited by bad actors, but never fixed it.
The fallout from the investigation resulted in Equifax paying a $700 million settlement.
The stolen data was never actually found on the dark web, leading investigators to theorize that the hack was not carried out by thieves, but by another country for the purpose of espionage.
2. Facebook
In the summer of 2019, a data breach at Facebook resulted in the exposure of information associated with over 530 million users across 106 countries.
When the breach was made public this year, Facebook stated that the vulnerability had long since been patched and that it had no intention of notifying affected users that their data may have been stolen.
Part of Facebook’s defense was based on the fact that the information was already publicly available on the platform, and did not include sensitive financial or banking details.
3. Yahoo!
In 2014, 500 million Yahoo! accounts were affected by a hack. Users had birth dates, names, phone numbers, and more exposed. Like Equifax, the company has stated that it places the blame for this breach on state-sponsored actors.
Then, in 2016 Yahoo! disclosed that it had also suffered a prior attack in 2013 that affected all 3 billion of Yahoo!’s users, making it the largest such breach in history up to that point.
Yahoo! paid $117.5 million to settle lawsuits related to the nonchalance the company displayed with regard to transparency and user security.
4. eBay
In the first quarter of 2014, eBay suffered a breach of its passwords. The company asked all of its 145 million users to reset their login credentials as a result. Like Yahoo!, eBay was widely criticized for the manner in which it handled the breach.
According to the company, since the passwords were encrypted they would be very difficult for hackers to actually use.
5. Target
In 2013, retail giant Target disclosed that a malware attack resulted in hackers collecting credit card details for around 40 million customers, making it one of the largest business hacks of its nature.
As a result of its poor handling of the hack, the company was forced to pay $18.5 million in a settlement and adopt a robust list of changes to its security protocols.
6. Adobe
In 2013, Adobe reported that credit card numbers, login data, user IDs, and passwords for 38 million users had been exposed. Investigative reporting eventually revealed that more than 150 million username and password pairs had been stolen from the company.
In August of 2015, Adobe paid $1.1 million in legal fees as well as $1 million to its users to settle claims of the company violating the Customer Records Act.
7. Marriott International
In November of 2018, Marriott International disclosed that around 500 million customers had their data stolen in a cyberattack.
It was found that the breach began in 2014, and the attackers were able to remain hidden in the company’s system until 2018. This allowed them to grab information such as credit card numbers and passwords while remaining undetected for four years.
Eventually, the attack was attributed to a China-based group that was looking to gather data on U.S. citizens.
8. Zynga
Zynga, the creator of Farmville, was a major player in the Facebook gaming world with millions of users playing online at any given time.
The company suffered a major breach in 2019 when a hacker claimed to have broken into the company’s user database, accessing 218 million accounts.
Zynga confirmed that it had indeed been hacked and email addresses, phone numbers, user IDs, and passwords had been stolen.
9. MySpace
Social media pioneer MySpace made headlines in 2016 when a hack of the company exposed 360 million user accounts, resulting in the information going up for sale on the dark web.
According to MySpace, the breach was carried out by a Russian hacker known as “Peace,” who was reported to have also been responsible for similar attacks on LinkedIn and Tumblr.
While the information stolen was mostly old data, people who have a habit of using the same or similar passwords across multiple platforms were urged to change their login credentials.
10. Colonial Pipeline
In May 2021, the Colonial Pipeline shut down operations after falling victim to a ransomware attack. The pipeline, the largest in the U.S., is the majority supplier of gasoline and jet fuel to the East Coast, and its shutdown affected some 50 million customers.
The hack, carried out by ransomware gang DarkSide, resulted in widespread gas shortages as well as federal agencies retooling their approach to attacks against private companies that are integral to the country’s infrastructure. DarkSide, under pressure from the U.S. government, has seemingly disbanded or gone underground for the time being, but sources say that the ransomware gang brought in some $90 million in ransom scams since its October 2020 inception.
Colonial Pipeline is reported to have paid DarkSide $4.4 million.
Don’t be the next business hack!
Business hacks are a concern for companies of all sizes. Your business may not be an eBay or Yahoo!, but you should still take measures to protect yourself. Here are five critical ways that you can keep your company safe from hackers:
1. Update, update, update!
Maintain a tight update schedule for all of your apps, operating systems, and devices. Enable auto-updates to stay on track, and replace software that is no longer supported.
2. Get a cybersecurity audit
Third-party cybersecurity audits are an excellent way to see how your security holds up. Audits should be done regularly in order to keep up with changing cybersecurity demands.
3. Replace outdated hardware
Replace old hardware with refurbished firewalls or network switches to stay under budget and maintain security. Purchasing refurbished, name-brand hardware from a reputable dealer keeps companies on the cutting edge.
4. Maintain an educated workforce
Many hacks happen because people unknowingly open the door to them. Be sure that your staff is acutely aware that a great deal of cybercrime is preventable with awareness.
5. Use a virtual private network
Virtual private networks, or VPNs, keep web usage encrypted and safe. Using a VPN is a great way to keep your business network out of the spotlight and away from the eyes of potential hackers.