When data is accessed by unauthorized people, it is generally with malicious intent; even if it isn’t, this kind of data can fall into the wrong hands. In these cases, there were negative consequences, but just the idea that some personal information was stolen or even visible to a hacker can destroy a company’s reputation. Customers must be able to trust the website where they use their personal information and their credit cards. Here are ten crazy security breaches that will tarnish the reputations of these companies forever.
This is the only breach on the list that wasn’t technically an attack on a company. Stuxnet was a type of computer virus created called malware that was designed to disrupt industrial control systems. The origin of it has never been definitively named. Hackers were using Stuxnet to control different computers and machines in a nuclear plant in Iran. The code could have been used in many other ways as well if the hackers had chosen to do so, disrupting water supply, transportation, and the power grids. This destroyed almost a thousand uranium enrichment centrifuges. It happened in 2010.
This happened very recently, towards the end of July 2017. Equifax is among the most significant credit bureaus in the country. They provide businesses with credit or demographic data and a few other services. Consumers can purchase credit monitoring and fraud-prevention services from them as well. There was an application vulnerability on one of the company’s websites that allowed someone to get in and access information that they shouldn’t have. Social security numbers, driver’s license numbers, birth dates, and addresses were all part of the breach, with 143 million people affected. In addition, a little more than 200,000 people had their credit card data exposed.
Adult Friend Finder
Adult Friend Finder is part of the FriendFinder Network that encompasses several sites. It is one of the most extensive networks of its kind, dedicated to allowing adults find casual sex. Even though apps like Tinder and OkCupid have stolen the spotlight in this regard, millions of people still use the service. In October of 2016, someone found and triggered a Local File Inclusion vulnerability that allowed them to access the data of more than 400 million people. People used the leak data to extort money from people that didn’t want to get caught. The original hacker demanded a ransom of $100,000 from the company. It is unclear whether or not they paid or took other corrective action.
It would seem that not many people use Yahoo anymore, but that doesn’t make this any less serious. 3 billion people were affected. The first time the company admitted that there was a problem was in 2014 when they came out to say that the names, birthdays, and telephone numbers of 500 million people had been accessed. They would revise that statement a few more times until 2017 when the entire truth came out. Billions of people’s names, emails, phone numbers, and security questions were all compromised. The expanse of the problem is attributed to the fact that Yahoo failed to investigate after the first incident.
Sony’s PlayStation Network
Users can purchase games, DLC, and other cool digital accessories on the PlayStation Network. In 2011, all 77 million PSN users had their names, birthdays, passwords, home addresses, credit card information, and more stolen from them because of a hack to the network. The website was down for a month which lost the company almost $200 million. A portion of the users hacked had unencrypted credit card information stored. Sony is adamant that the data was encrypted; however, users later that year were reporting fraudulent purchases being made on things like groceries, and even plane tickets. Sony agreed to a preliminary settlement of $15 million in a class action suit a few years ago.
This was one of the first huge data breaches to be in the news consistently as it unfolded. Close to Christmas in 2013, the banking information and contact information of up to 110 million people was stolen from Target. It took several weeks for the breach to be discovered, which supposedly was made possible by a third-party HVAC vendor. The stores POS (point of sale) system was accessed. This incident has been valued at $162 million, and a few months after it happened, the CIO and CEO both resigned. The company has since made ‘significant improvement’ to its security systems, but big names in the security industry still say that it is outdated.
Early in 2014, Home Depot had a problem where their point of sale system was infected with malware that was posing as an anti-virus software. The program was uniquely designed specifically for this kind of attack. They discovered it in September of that year and launched an investigation to put a stop to it. The credit and debit card information of almost 60 million customers had been stolen. The company estimated $161 million of pre-tax expenses in total for the breach. That covers all the associated costs and the settlement plan that was reached.
eBay a multinational e-commerce platform that started in 1995. Popularity has waxed and waned, but it has been steadily in business since then. In 2014, the site fell victim to a cyber attack that affected 145 million users. eBay has been very candid about how the hackers were able to get in, using the information of three corporate employees, and that they had full access to the entire system for 229 days. Customers were asked to change their passwords, but the company has said they store financial information, such as credit card numbers separately and therefore, this data was not compromised. User activity did drop, but the revenue and earnings were still in the green.
Customer names, IDs, passwords and debit and credit card information was all stolen during this attack in 2013. Adobe reports that 38 million users were affected, but some blogs that published the leaked information seemed to include that of well over 100 million users. The source code of several Adobe products was also stolen. The company reached a settlement agreement in 2015 for them to pay customers an undisclosed amount, and legal fees just over a million dollars, to settle out of claims that the company violated the Customer Records Act and orchestrated unfair business practices. The settlement amount reportedly paid to the affected users was around a million dollars in November of 2016.
JP Morgan Chase
JP Morgan Chase is the biggest bank in the country, and in 2014 76 million households and 7 million small businesses were the victims of a security breach where the names, addresses, phone numbers and email addresses, as well as internal information regarding the account holders, was accessed. The company says that “account numbers, passwords, user IDs, dates of birth or Social Security numbers” didn’t seem to be compromised based on the evidence that they had. However, the data of more than half of all US households was in the hands of these hackers. Apparently, no money was stolen, but the criminals had root privileges for many accounts, like closing them or transferring funds. Four men were indicted on charges related to this attack; two have pleaded not guilty, one is awaiting trial, and one of them has not yet been named.