What is a data breach? A data breach occurs when hackers gain unauthorized access to personal customer information due to faulty transactions, technological malfunctions, human error, and improper storage or disposal of data.
According to Statista, in 2018, there were 1,244 documented data breaches, with over 446.5 million records exposed. While there were more breaches in 2017 (1,632), this was by far the highest number of records exposed (2009 – 222.5 million).
Data breaches can cripple companies of all sizes, from small local businesses to large multinational corporations, particularly if they don’t have cyber liability coverage to protect them.
Businesses are responsible for notifying those affected and must cover credit monitoring and identity theft resolution costs. They must also research why the breach occurred and ensure it does not happen again.
…but these cyber attacks don’t only hurt the businesses they occur to. Consumers take a hit, too.
Money might be withdrawn from their bank accounts without their consent, and hackers can steal personal information such as emails, passwords, and social security numbers and access other identifying information to commit further crimes and damages.
…and these issues don’t just fix themselves. Changing information, getting new cards, and recovering from losses take time, which can impact your work and other day-to-day priorities.
The larger the company, the more data they store, and the more people are at risk. In this article, we’ll document five of the largest data breaches in recent memory.
Yahoo (2012-2016)
If you had a Yahoo account from January 1st, 2012, to December 31st, 2016, you might have been one of 500 million users impacted by one of the largest data breaches in history.
This includes those with standard Yahoo email accounts, Yahoo Fantasy Sports & Finance, Tumblr, and Flickr.
Malicious actors gained unauthorized access to their system in 2012, 2013, and 2014, but this was not disclosed until 2016. Yahoo has claimed that no data was actually taken, although it has been reported that names, emails, phone numbers, birthdays, passwords, and security questions and answers of Yahoo account holders were taken.
It was recently announced that a $117.5 million class-action settlement has been filed. Users can get two years of free credit monitoring services from AllClear ID or up to $358, although most are expected to receive $100 or less. Users have until July 20, 2020, to file a claim, which can be done here.
Several factors must be considered when filing a claim, so if you have been impacted, we encourage you to read through the link above to learn about your options.
Equifax (2017)
One of the largest consumer credit reporting agencies, Equifax, suffered a data breach in 2017, which exposed 147 million people’s personal information.
Equifax agreed to a global settlement of up to $700 million to help those affected with the FTC, the Consumer Financial Protection Bureau, and all 50 US states and territories.
The stolen personal data, including names, birthdays, social security numbers, home addresses, driver’s license numbers, and credit card numbers, opened customers up to identity theft and other criminal risks.
Those filing claims have two options: free credit monitoring and identity theft protection services for up to 10 years or cash payments, which cap out at $20,000 per person. Terms and conditions apply.
Facebook (2012-2013, 2016 & 2018-2019)
Facebook has been scrutinized for years for unauthorized data use dating back to 2012-2013, when a year-long breach led to the information of 6 million exposed, including phone numbers and email addresses.
They also faced backlash following the 2016 presidential election, when Cambridge Analytica gained access to more than 87 million users’ data.
Fast-forward to 2018, when another attack on their computer network exposed the data of nearly 50 million Facebook users. In this instance, attackers took advantage of system flaws in Facebook’s code and gained access to user accounts with the intent of taking them over.
Most recently, in April 2019, the cybersecurity research firm UpGuard reported that over 540 million records on FB users were exposed on Amazon’s cloud computer service. The report stated that two third-party app developers made these records public.
The information exposed included user data, account names, user IDs, reaction/comment details, friends, photos, location check-ins, and 22,000 users’ passwords. The companies involved were alerted about the breaches in January 2019, but nothing was made public until April.
DoorDash (2019)
In September 2019, the food delivery company DoorDash announced a data breach through their blog that impacted 4.9 million customers.
While the breach occurred on May 4, 2019, users who joined the site after April 5, 2018, were unaffected.
The culprit was a third-party provider, and users’ names, email addresses, phone numbers, delivery addresses, and passwords were stolen, along with the last four digits of their credit card numbers. Delivery workers and other merchants also had their bank information and driver’s license information stolen.
Following this, DoorDash secured customer data, adding extra security and protocols to govern their systems. They also encouraged all users to change their passwords and monitor their bank accounts promptly.
Zynga (2019)
Last but certainly not least, Zynga, a game publisher, had over 218 million players’ data exposed. Don’t know who they are?
They are the makers of Words with Friends and Draw Something, and users had their login information stolen. They’re also known for the game FarmVille.
Zynga announced the breach on September 12th, and a notorious Pakistani hacker named “Gnosticplayers” accepted responsibility for the attack.
Additional information included user names, emails, phone numbers, Facebook login, and account IDs.
Protection From Data Breaches
Now you know what is a data breach, but that doesn’t mean you’re in the clear.
The best way to prevent a cyber attack is to take proper security measures to protect your customer’s personal information. Safeguard data, secure your computers, and install firewalls.
Educate and train your employees on best practices, periodically update your internal login information, keep software up-to-date, and properly destroy and dispose of old data.
The next best step is getting cyber liability coverage. This insurance will protect your business in the event of a data breach and cover costs associated with credit monitoring, court costs, data recovery, identity theft resolution, installing future security measures, time spent notifying customers, and more.