An information security breach is the event of an external entity getting unauthorized access to the data of an organization. The reason for the success of such attacks is that the amount of resources being invested by most of the companies for security is far less than what can be considered sufficient, though cyber experts can’t agree on a single reason. Companies tend to focus mostly on the sensitive endpoints of their web assets. The less secure “not so sensitive” endpoints may be compromised by an attacker and then the trust relationship between this endpoint and a sensitive one can be exploited to bypass the security measures.
This is the reason behind most of the modern data breaches. The objectives behind these attacks are not always the same. Some are done for harming a company’s reputation among users and some are done just to obtain and then sell the data at places. It looks like the attackers to get a good deal as the expected rate ranges from $1 to $425 per record(According to Quartz).
Out of all the data breaches in the history of the internet, here are our top 5 picks:
1. Equifax Data Breach
Equifax is a US-based credit reporting agency that helps lenders in identifying credit payback likelihood by calculating borrowers’ credit score. The company announced on 7 Sept 2017 that it has discovered a massive information leak. It reported that the actual breach happened on July 29 and almost 143 million records had been victims of unauthorized access. These records included users’ personal details as well as social security numbers and credit card numbers. It was later found out that attackers exploited a vulnerability in the legacy code of Equifax to gain unauthorized access.
2. Yahoo! Data Breach
Yahoo! is a well-known company that offers news and mail services. 500 million users were affected in a 2014 cyber attack on Yahoo. The company later admitted that there was an even larger breach that happened in 2013 and went unnoticed for that time. The breach leaked usernames, passwords and personal info of around 1 billion users worldwide.
3. Target data breach
The eighth largest retailer in the USA announced a security breach in 2013 that affected 40 million customers. The company, unlike most other victim companies, decided to do something to maintain user trust. The company later in 2015 agreed to compensate to customers paying 10 million.
4. Myspace data breach
The social networking site Myspace was hit by a cyber attack in 2016 which resulted in 360 million usernames and passwords being leaked. This breach was attributed to a Russian hacker, which later claimed about a breach in LinkedIn. The LinkedIn breach also leaked a massive amount of data.
5. AOL accidental breach
This was a funny incident where careless employees put sensitive data online. During the March and May 2006, AOL published 20 million searches by hundreds of thousands of customers. AOL later apologized on 7th August and assured that no personal info was shared. Contrary to their statement, it was found out later by an editor of “TechCrunch” that the names addresses and credit card numbers were published.