Every year millions of people become victims of a data breach. For the majority, the results are the same: hackers sell users’ data on underground websites and companies have to rush to rescue their reputation and stop a flood of customers leaving.
So, as today is Data Privacy Day, we thought we’d look at the biggest breaches of the last 12 months.
Retailers at risk
Huge retail networks are a juicy target for criminals, as there are millions of pounds sloshing around at any one time. Think of all the purchases that the likes of Amazon or eBay make each day and you begin to understand why they’re such a sought-after market in the criminal world.
It’s been alleged (but never confirmed) that one group has successfully targeted three retail giants: Target (70 million records with banking information, phone numbers, emails and other data); the beauty supplier Sally Beauty (25,000 records stolen); and the home improvement store Home Depot (banking data for 56 million cards and 53 million emails stolen).
Interestingly, the Sally Beauty breach developed into something of a parody event when the hackers were themselves hacked.
Another retail giant that was attacked was eBay, with around 145 million customers having their data compromised. As a result, the company faced a class action lawsuit and, according to PC World, the cost of the lawsuit spiralled to upwards of $5 million.
eBay has confirmed a massive leak of personal data, denied any financial data accessed. http://t.co/4qcwvrUvwF
— Kaspersky Lab (@kaspersky) May 22, 2014
Nobody is home and dry
Banks, online businesses, telecommunication companies and governmental bodies: they’re all at risk. You will no doubt have heard about the data breach at Sony Pictures and the celebrity photo hack, the most popular incidents in 2014.
Banks from all over the world have been compromised by hackers and it appears nobody is safe:
- In the first month of the year, and with the help of one of its employees, the data of 20 million customers was leaked from the Korea Credit Bureau.
- In February, Barclays came under fire when 27,000 records were stolen and sold on to rogue city traders. As a result, the bank’s credibility took a beating and it had to compensate thousands of customers whose data were sold on the black market.
- In June, 80 million customer records were stolen from JP Morgan.
- As a result of a major hack that led to the data exposure of 27 million customers, South Korean authorities are evaluating the possibility of completely redesigning the national identity number system.
- Communication giants weren’t immune either. French telecoms group Orange was hacked twice in the first three months of 2014 resulting in the theft of 1.3 million users’ data. What was worse: the attackers compromised a software platform that the company used to send promotional emails and texts. No doubt, many people will think twice before signing up to something as a result.
- In October, AT&T had to fire an overly curious employee who obtained information from 1,600 customers’ accounts and may have viewed their Social Security and driver’s license numbers.
- In October, the file hosting service Dropbox was compromised, and 7 million users’ records leaked out onto the internet. The company stated that the login credentials leaked from third-party sites or apps. Thus, no matter how hard companies try to protect their servers, they are helpless in the face of users’ laziness and illiteracy. There will be more leaks in future until passwords like ‘123456’ are consigned to the dustbin.
How much is the data
But once your data is compromised, how much does it sell for? Well, the price of an individual record is relatively low. Brian Krebs, an IT security journalist, reported that card data from customers of the offsite airport parking service Park ‘N Fly was selling for $6 to $9 per card, which included the card number, expiration date and verification code, as well as the cardholder’s name, address and phone number. Barclays clients’ data was valued higher, at around $76 (£50) per file.
However, the price of compensation is significantly higher. Barclays offered £250 to clients whose data was leaked; however, many people saw this as an injustice and demanded more. Barclays ended up offering more as a result of the complaints, with some customers receiving as much as £1,000.
Besides this cost, companies also have to pay for additional IT equipment, infrastructure and security; more calls to their call centre; expert security investigators; and added legal costs. Home Depot, for example, spent $43 million on managing the consequences of one data leak.
So remember, data breaches are difficult for everybody involved, but the ultimate responsibility falls on the holder of that data. If you’re concerned about your data security, always remember to use tough, difficult-to-guess passwords. Failing that, you could always use a reliable password manager.
Happy Data Protection Day!