The World's Worst Data Breaches of All Time
Target Data Breach
Date December, 2013
The Target TGT +0.6% Holiday Credit Card Breach of 2013 is destined to become a fixture in the curriculum of crisis management. And not in a good way.There is a very simple reason why, as the AP reports this morning, Target customers have reacted with “Fury and Frustration.” The retailer has played down the fact that its customers most needed to hear. In the notice on Target’s website about the “Unauthorized access to payment card data in U.S. stores,” the question of whether it is now safe to use your credit card at the company’s stores is relegated to the fourth question of a FAQ at the end of a 1,500 word statement.
Date: August 2006
In 2006, AOL accidentally released a file with the search data of over 650,000 of its members. While AOL user names were swapped out with random ID numbers, the wealth of leaked information -- social security numbers, addresses -- made figuring out the identities of those users possible. AOL pulled the file down, but the information had already spread. "This was a screw-up, and we're angry and upset about it," the company said it a statement. "It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant."
Date: December 2006
Affected: 94 million
In filings with the U.S. Securities and Exchange Commission yesterday, the company said 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders. That number eclipses the 40 million records compromised in the mid-2005 breach at CardSystems Solutions and makes the TJX compromise the worst ever involving the loss of personal data. The systems that were broken into were based in Framingham and processed and stored information related to payment cards, checks and merchandise returned without receipts. The data breach affected customers of its T.J.Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico. Also affected were customers of its Winners and HomeSense stores in Canada and TK Maxx stores in the U.K.
Heartland Payment Systems
Payment processing companies make ripe targets for would-be thieves. Heartland’s debacle in 2009 may have been the worst ever: the company lost 130 million records (gleaned from the magnetic stripe on the back of cards),including names, credit and debit card numbers and expiration dates due to some lines of malicious code placed in its system by indicted hacker Albert Gonzales.
A malware-laden flash drive inserted in a laptop at a U.S. military base in the Middle East in 2008 led to the "most significant breach of" the nation's military computers ever, according to a new magazine article by a top defense official.The malware uploaded itself to the U.S. Central Command network and spread undetected on classified and unclassified computers creating a "digital beachhead, from which data could be transferred to servers under foreign control," William J. Lynn III, U.S. deputy secretary of defense, wrote in his essay in the September/October issue of Foreign Affairs. Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same," he wrote. "In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy.
Sony Playstation Network
Date: April 2011
Affected: 77 million
What seemed like an ordinary service outage for Sony's online gaming and movie service became notorious for being one of the biggest online breaches ever. In April of last year, hackers gained access to over 77 million PlayStation Network accounts, with 12 million unencrypted credit card numbers as well as user information like full names, passwords, and purchase history. The debacle would prove to be just the first in a series of attacks against the tech giant, with Sony Online Entertainment and Sony Pictures also eventually falling prey.