The news is full of stories of confidential data that has been accessed by unauthorized individuals. These are called data breaches, and the damage done by these attacks can amplify over time as more data is leaked, sold, or used for unintended purposes.
This is not a new threat, but it’s hard not to notice the increase in frequency and size. It’s important to understand the history of data breaches because that knowledge can potentially help you protect sensitive data in the future!
The First Data BreachesThe internet has been around since 1983, but the first reported digital data breach didn’t occur until 2004. Before that, data breaches had to be orchestrated by hand.
That’s right, hacking a computer isn’t the only way information can be accessed. Practices like social engineering, dumpster diving, and good ol’ breaking and entering have been used by criminals seeking to steal information for years.
Memorable Data BreachesDo you remember when these giant breaches were breaking news?
2004 AOL Breach
The first reported digital data breach was orchestrated by a 24-year-old AOL employee. The software engineer stole 92 million AOL customers’ email addresses and screen names to attempt to sell or with the plan to sell or with the intention of selling to bulk emailers.
Consequently, AOL users received excess spam from those who had purchased their emails and usernames. Luckily passwords and credit card numbers had been stored separately.
2007 TJX/TJ Maxx Data Breach
After months of refusing to release the size of this data breach, TJX was finally forced to admit 45.6 million credit and debit card numbers had been compromised. TJX Companies Inc. included stores like TJ Maxx, Marshalls, and HomeGoods.
Later that number would jump up to 94 million credit card numbers compromised, making it the largest breach at the time.
2014 Sony Data Breach
Hackers who dubbed themselves “Guardians of Peace” released 40 gigabytes of private data that had been stolen from Sony Pictures film studio. It is suspected the attack was sponsored by North Koreans since threats were being made over the potential release of the movie The Interview. To please those threatening them, Sony canceled the theatrical release of The Interview and it was sent straight to DVD.
Much of the public fallout came from the leaked emails of Sony execs. It took awhile for the internet to scour over the emails, but they discovered many stories ripe for celebrity gossip reports.
2015 Ashley Madison BreachThe hackers behind this breach also had a name for their group: The Impact Team. The Impact Team threatened that if Ashley Madison – a dating website known for facilitating extramarital affairs – did not shut down, they would be releasing copied Ashley Madison company and user data. The website was not shut down and 9.7 gigabytes of information was leaked.
You can imagine what the public learned about who was using the site, but one of the most interesting facts gleaned from the data dump was that more than 70,000 of Ashley Madison’s female users were just robots.
2017 Yahoo! BreachThe Yahoo breaches occured before 2017, but it wasn’t until then that execs finally came clean about how much of their customers’ data had been compromised. What initially was thought to be a breach affecting 1 billion user accounts turned out to be an attack affecting all 3 billion user accounts.
It’s likely you may have been an owner of one of those 3 billion accounts. If so, at least change your password to something unique that is not used with any other account. Honestly, it’s in your best interest to go ahead and switch to a new email system altogether. Breaches like these illustrate that it’s better to be safe than sorry!
The Future of Data BreachesOne of our hopes is that, in the future, companies who have had their, or their customers’ data breached, will be more transparent. History does show that companies who do not disclose the breaches, or their extent, suffer bad press and loss of the public’s trust.
With more companies recognizing the value of security awareness training for their users, we can also hope to greatly decrease the amount data breaches. When employees know how to look out for social engineers, insider threats, errors, lapses in policy, and other common breach starting points, they have the potential to stop leaks before they happen, whether they are intentional or not.
Learn from the data breaches that have come before you. What types of information were accessed and potentially stolen? Start thinking about how you can protect your own information now, before the next data breach occurs!