Here at Hopewiser we're all about keeping your data neat and tidy, and we offer an array of services to keep your data compliant with the new General Data Protection Regulation (GDPR). With these rules coming into force tomorrow (25th May), we thought we'd take a look back at some of the biggest data breaches of the 21st century. Make sure you protect your business AND your data so that you don't find yourself in the same position as the companies below... unless you have a spare €20 million lying around that you could be fined for not being GDPR compliant.
1. Cambridge Analytica/Facebook
First and foremost, the Cambridge Analytica and Facebook scandal seems to us the most controversial of the year so far. In March 2018, it was initially reported that over 50 million Facebook users' personal data had been shared with Cambridge Analytica. Subsequent reports revealed that it was in fact 87 million users whose data had been obtained through the Facebook-linked app, "thisisyourdigitallife". Aleksandr Kogan, a member of the political consultancy firm, paid the social media site's users to take a personality test which asked very specific questions.
Whilst people did voluntarily offer their details to the app, personal information was also taken from the users' friends lists without those friends' consent, hence the breach. It is believed that this information was used to influence the opinions of voters, and the platform was sold to President Donald Trump in the run-up to the 2016 US General Elections. Long story short, in the aftermath of the scandal Mark Zuckerberg (Facebook CEO) apologised for the breach and testified to Congress. According to TechRadar, he said, "It was my mistake, and I'm sorry. I started Facebook, I run it, and I'm responsible for what happens here."
2. Yahoo
Next on the list is a double whammy by web services provider Yahoo. In 2013, 3 billion user accounts were compromised by unidentified hackers. That included every single account on Yahoo, Tumblr, Flickr, and other Yahoo-owned online properties at the time. The culprits stole data including dates of birth, email addresses, security questions and answers, and weakly protected passwords. It took between two and three years to discover what had happened, so it wasn't until 2016 that the breach surfaced.
By this time, the company was already dealing with a second breach that had occurred two years previously, in 2014. Although user passwords were better protected than those in the 2013 breach, it did not stop hackers from attempting to steal them. This time round it was 500 million accounts that were compromised, including data regarding real names and telephone numbers (could this be why many of us were receiving cold calls?). Yahoo's one saving grace is that the majority of their users' passwords were hashed with bcrypt, which means they were processed through a deliberately slow, irreversible algorithm that makes them largely uncrackable. Hard luck hackers!
3. LinkedIn
Before the Yahoo scandal there was the LinkedIn 2012 breach. It was discovered in 2016 that 165 million accounts were compromised on the professional business and employment service. This is a large increase from the original 6.5 million accounts that were indicated as being affected. Additionally, 117 million passwords had been hashed but not "salted". Salting is a cryptography term for adding random data to each user's password before it is hashed, which makes the hashes harder to reverse; LinkedIn had not done this. Other services, such as Netflix, scanned the leaked LinkedIn data to see if any passwords matched those that the same users had with their own services. If this was the case then the users were forced to change them to increase their data protection. Surprisingly, LinkedIn did not investigate the breach any further, nor did they inform the affected users during the four-year period... a bit late in the day now, don't you think?
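What salting changes, and the kind of reuse check described above, shown as an added example that is not from the original post nor from LinkedIn or Netflix. The account names, passwords, the use of SHA-1 for the unsalted case and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data): two users share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}
PBKDF2_ROUNDS = 200_000  # illustrative work factor, an assumption


def unsalted_hash(password):
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def shared_hash_groups(stored):
    """Users whose stored value is identical, as a leaked table would show."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(u) for u in groups.values() if len(u) > 1)


def appears_in_leak(password, leaked_hashes):
    """Reuse check another service can run at login against a leaked dump."""
    return unsalted_hash(password) in leaked_hashes


UNSALTED = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
SALTED = {u: salted_hash(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    print("unsalted, identical hashes:", shared_hash_groups(UNSALTED))
    print("salted, identical hashes:  ", shared_hash_groups(SALTED))
    print("password in leak:", appears_in_leak("sunshine1", set(UNSALTED.values())))
```

In the unsalted table, one recovered password exposes every account that shares it; with per-user salts the stored values differ even when the passwords are the same.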
4. eBay
Fast forward to 2014 again and we have yet another online giant breach, this time with eBay. 145 million accounts were affected in a cyber attack that occurred in late February or early March. Whilst personal information was compromised, no financial information was stolen... phew! However, Protection Group International (PGI) estimated that the total cost of the breach amounted to a whopping $200 million. That had to hurt.
5. Equifax
Between May and July 2017, 145 million accounts were compromised in one of the most damaging security breaches ever. Amongst the data stolen were names, dates of birth, social security numbers, addresses, and even driver's license numbers. This hack was particularly dangerous because with such detailed personal information, hackers were able to apply for mortgages, loans, and credit cards. Account holders have been advised to visit the Equifax website to see if their information was compromised.
6. Carphone Warehouse
More recently, in 2018, the Information Commissioner's Office (ICO) fined Carphone Warehouse £400,000 after customer and employee data was put at risk as a result of serious failures within the system. The failure to secure the computer system allowed unauthorised access to the personal data of over 3 million customers and 1,000 employees.
The ICO also stated that in Q4 (2017-18) there were 957 reported data breaches, which was a 17% increase on the 815 reports in Q3. It is believed that this increase is due to the looming new GDPR regulations in addition to the ICO's new Personal Data Breach helpline.
The above examples are a mere selection of data breaches from an overall abundance of scandals in the 21st century. Hopefully this is enough to sway you into ensuring that your data is GDPR compliant. Whether you work individually, own a small business, or are part of a big corporate chain, do not be fooled, because the new regulations DO apply to you. DO NOT make the same mistakes as these companies and be hit with a massive fine, because €20 million could easily swamp you. Be GDPR smart and head over to Hopewiser's website today and trial our address cleanse service, complete with an online demo.
See the timeline below for some more serious data breaches from the 21st century.