Breaking down the biggest breaches

The digital age is both awe-inspiring and terrifying at the same time. It gives us the ability to access information from around the world, instantaneously. At the same time, because we’ve become so dependent on this technology, it can leave us susceptible to data breaches. Hackers, human error and natural disasters are an inevitable factor in information security. While no system may be untouchable, there are ways to strengthen and continually improve your security. It’s important to know about other data breaches, regardless if it occurred in a different industry. The more this information is made available, the better information security will be. Here’s a snapshot of the world’s biggest data breaches from 2005 to the present, via Information is Beautiful. 

Target

We were all made painfully aware of Target’s data breach at the end of 2013. It’s said to be one of the largest data breaches to date, not to mention the most high profile. The breach affected roughly 70 million customers. And, the theft consisted of:

• Full names
• Mailing addresses
• Phone numbers
• Email addresses
• Credit card/Debit card numbers
• Expiration dates
• CVV security codes
• PIN numbers

According to the investigation, the data breach happened between November 27 and December 15, 2013, one of the busiest shopping times of the year. It’s believed data mining software was installed on the magnetic credit/debit card readers, which collected customers’ data. While the investigation is still ongoing, the alleged hacker is Russian teenager, Sergey Taraspov.

 Adobe

Earlier in 2013, the same year as Target’s data breach, Adobe suffered an attack as well. It’s estimated 152 million individuals were affected. Hackers not only obtained sensitive customer information but also sensitive company software information such as:

• Customer IDs
• Full names
• Login information
• Encrypted passwords
• Credit/Debit card numbers
• Expiration dates
• Source code for Adobe Acrobat and Reader and ColdFusion
• Partial source code for Photoshop

The identities of the hackers have not been identified, but similarly to Target, Abode has offered its customers a free year of credit monitoring by Experian.

US Military

This is an example of human error. In 2009, before deleting or destroying the data on the hard drive, the U.S. military veterans agency sent a defective unencrypted hard drive to its vendor for repair and recycling. According to Wired.com, it was the largest release of personally identifiable information by the government. The data breach was responsible for leaking social security numbers, dating back to 1972, of 76 million veterans.

While the vendors were under contract for privacy, it has not been determined if and how many veterans or government employees’ identities have been affected. However, at the time, it was the National Archives and Records Administration’s (NARA) policy to return defective hard drives to their vendors. Since then, the policy has changed and more stringent methods of destroying the data have been put in place.

Hackers aren’t solely responsible for data breaches. Natural disasters and human error also account for a number of breaches. Protecting customer and company sensitive information shouldn’t land solely with the IT department. It’s vital to not only have a strong disaster recovery plan but also to educate and inform your employees on how to prevent data breaches. If a data breach happens, it’s important to share the particulars within the industry in order to make network and information security stronger.

Which data breaches have surprised you the most? And, what have you learned from them?