As we complete the first quarter of 2018, let’s take a moment to look back at recent history and the excessive number of data breaches. And they weren’t just your normal breaches. There has been viral, full-on campaign hacking, state-sponsored ransomware, and leaks of spy tools from government intelligence agencies. Below are some of the Top Data Breaches that happened to date.
MyFitness Pal, Under Armour’s health and fitness app, had a data security breach that exposed the personal data of roughly 150 million users. The company said the breach occurred in February, exposing usernames, hashed passion and email addresses related to user accounts.
50 million profiles of Facebook users were “harvested” without their consent to a consulting firm, Cambridge Analytica, that was hired by Donald Trump’s 2016 campaign. Facebook CEO and co-founder Mark Zuckerberg admitted to the leak and said that the company failed its users.
Equifax had one of the worst security breaches in history when it announced that Social Security numbers and driver’s license numbers of more than 147 million consumers were exposed to hackers. Equifax is still feeling the after-effects of that 2017 breach. State and federal investigations have been launched and lawsuits have been filed against the company.
A mysterious hacking group known as the Shadow Brokers made an impactful release of significant NSA tools, such as a Windows exploit known as EternalBlue, which have been used by hackers to infect targets in two high-profile ransomware attacks. The identity of shadow brokers is relatively unknown, but the group’s leaks have revived debates about the dangers of using bugs in commercial products for gathering intelligence. Major organizations keep these flaws to themselves, instead of notifying the software companies to patch the vulnerabilities and protect its customers. If these tools are released to the public, they could potentially endanger billions of people.
A strain of ransomware called WannaCry was spread and walloped thousands of targets around the world, including large organizations and public utilities. The most notable attack was when the ransomware crippled the National Health Service hospitals and facilities in the United Kingdom by temporarily hobbling emergency room, delaying crucial medical procedures, and creating troubles for most British patients and family.
The WannaCry ransomware might be powerful but it has significant flaws, such as the mechanism that was effectively used by security experts as a kill switch to disable the malware and stop its spread. It was later discovered by US officials that the ransomware was a project executed by the North Korean Government that went awry. The project was supposed to raise revenue while causing havoc, which stole almost 52 bitcoins.
A month after the WannaCry ransomware infections hit targets worldwide, a new malware called Petya, Goldeneye, and so on was spread. The malware was more sophisticated in various ways, but still had different flaws such as an ineffective and inefficient payment system.
Although, the malware infected network servers of major organizations in multiple countries- like the Danish shipping company (Maersk), Russian oil giant (Rosnoft), and US pharmaceutical company (Merck). Security experts suspect that the ransomware was actually aimed at Ukraine. The ransomware hit major infrastructures in Ukraine particularly hard by disrupting utilities such as airports, the central banks, public transit, power companies, and other series of cyber-attacks against the country.
eBay data breach
Since there was an improper feed between the two companies, the personal information of most customers on eBay was made available via Google’s Shopping platform. Data that was leaked included purchase history that revealed sensitive products such as pregnancy test, HIV home test kits, and drug testing kits.
Uber revealed that in late 2016 there was a data breach that could potentially expose the personal information of more than 57 million Uber users and drivers but admitted that it chose to keep the leak a secret and pay the hackers off instead.