In the recent Equifax breach, more than 140 million people had their personal information compromised, including names, birthdays, social security numbers and addresses. But Equifax’s security lapse has merely been the most prominent in a string of high-profile data breaches this year. And this problem isn’t exactly new.
Digital Guardian groups contemporary breaches into a period dating from now back to 2005, when conditions of the current data-centric technological era began to develop. To contextualize Equifax and other recent cybersecurity incidents, we took a look back at six major data breaches in the last 10 years.
TJ Maxx (2007)
Retail chain TJ Maxx experienced a major data breach back in 2007. Hackers accessed the information of 45.7 million credit and debit cards of consumers at both T.J. Maxx and Marshalls (both are owned by the same parent corporation).
At the time of its occurrence, the incident was thought to be the largest consumer information breach in history. But as we know now, breaches could — and would — get much larger.
Information from 134 million credit cards was exposed when the Heartland Payment Systems company was compromised in 2008. The attackers used an SQL injection to put spyware on Heartland computer systems. The breach was discovered in 2009, after Visa and Mastercard noticed suspicious transaction activity.
Heartland ultimately had to pay credit card companies more than $110 million to settle breach-related claims.
Sony Playstation Network (2011)
In 2011, a hacker accessed information about the accounts of all Playstation Network users. The network left the credit card numbers of 70 million users vulnerable, and names and physical and email addresses were confirmed stolen.
Sony’s other notable recent breaches include the Sony Online Entertainment hack, also in 2011, and the infamous Sony Pictures hack of 2014.
A security breach in Target computer systems during the 2013 holiday season left the credit card information of up to 110 million customers vulnerable. The company did not find out about the security issue until a few weeks after Thanksgiving.
Due to the breach, Target had to pay millions to affected customers and banks in charge of reimbursements.
Yahoo (2013, 2014)
This slot on the list actually encompasses two major security breaches: the Yahoo breach of 2013 and the Yahoo breach of 2014. Both security lapses were not made public until years later.
In 2016, Yahoo revealed that an enormous breach in 2014 had compromised the information of 500 million users. Details stolen included names, telephone numbers, email addresses and birthdays. The hacking is believed to have been state-sponsored, and the U.S. charged two Russian spies with the cyberattack.
Yahoo recently disclosed the 2013 breach was even larger than first imagined, and it left the information of 3 billion users vulnerable. Names, email addresses, birthdays, security questions and answers and some passwords were accessed.
Friend Finder (2016)
Friend Finder, the parent company of sex-related websites AdultFriendFinder.com, Cams.com, Penthouse, Stripshow, and iCams.com, suffered a major data breach in 2016 that exposed the account information of users at all of those sites.
The breach affected 412 million people in total, with the majority coming from the 300 million accounts accessed on AdultFriendFinder.com.
The company reportedly had a weak mode of protecting passwords, which allowed at least 99 percent of those passwords to be accessed in the attack.