Prime Factors Blog

Famous Data Breaches – and What They Cost

Posted by Gwen Fremonti on May 4, 2017 10:00:00 AM


While it's the largest data breaches that grab our attention, even smaller information security failures can have a big impact on a business, reducing its credibility, turning off current and potential clients, and making individuals far more vulnerable to fraud and identity theft.

In this article, we’ll look at some of the biggest data breaches ever and examine just how they affected the companies that were victimized. We’ll also answer other questions you might have about some of the biggest (and worst) information security incidents in recent history, such as: How much have the biggest breaches cost? How many customer or user accounts did they expose? How do they compare in size and scope to the Yahoo breach? Let’s find out.

To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption 

Yahoo: Paying the Piper for Insufficient Cybersecurity

For most organizations, a data breach compromising even 100 customer accounts would be a big deal – so it’s difficult to imagine the harm that would come to your business if it lost the data from 1 billion customer accounts. Just ask the folks at Yahoo, which just last year reported that in 2013 and 2014, the company experienced 2 breaches that resulted in 1.5 billion user accounts becoming compromised.

Now Yahoo’s paying for the breach. Since finding out about it, Verizon has slashed its acquisition offer price by $350 million to $4.48 billion, down from the $4.83 billion it previously offered. However, that $350 million cut might be a deal. Considering that in some cases the average data breach costs more than $150 per record, Yahoo theoretically could have seen costs of $225 billion, far more than the value of the company even during its best days. Other evidence, however, places the cost per record of large data breaches at $0.58, which would place the total cost at a more realistic $870 million.

FriendFinder: Breach Date: 2016, Breach Discovery: 2016, Accounts Breached: 412 Million

Getting exposed as a member on FriendFinder, an adult dating and casual hookup website, could be a devastating embarrassment for many people. And that’s exactly what happened to nearly half a billion people last year. The hack didn’t only affect FriendFinder, but also impacted a variety of sites and portals that are part of its network. Reports indicate that more than 400 million of the 412 million hacked accounts’ passwords were cracked even before the data was published on LeakedSource.com.

Estimated cost: $239 million

MySpace: Breach Date: Unknown, Breach Discovery: 2016, Accounts Breached: 360 Million

During MySpace’s peak in 2008, it was the predominant social network in the entire world, attracting nearly 80 million unique visitors each month. The mighty MySpace might have fallen out of favor as the world’s most popular social network, but that didn’t stop it from popping up in the news last year over new evidence of a hacking scandal thought to extend for at least several years. The breach was exposed when a Russian hacker attempted to sell information from the breach online, but investigators and MySpace executives say they still don’t know exactly when the initial hack occurred. 

Estimated cost: $209 million

LinkedIn: Breach Date: 2012, Breach Discovery: 2012-16, Accounts Breached: 165 Million

LinkedIn might be one of the best places to network for a job, but it might not be a safe place for your personal data. In 2012, the professional networking site told 6.5 million account holders to update their passwords, but it wasn’t until 2016 that the true number of breached accounts was revealed to be 165 million. LinkedIn account holders are advised to change their LinkedIn account password, as well as to seriously consider changing their bank account passwords and credit card numbers.

Estimated cost: $96 million

Heartland Payment Systems: Breach Date: 2008, Breach Discovery: 2009, Accounts Breached: 130 Million

Heartland Payment Systems, a payment processor based in New Jersey, is responsible for processing payments for more than a quarter of a million businesses. Unfortunately, malware planted on the company’s computer network was able to successfully record data from over 100 million credit cards. Albert Gonzalez, the criminal hacker behind the thefts, was sentenced to 20 years in prison, longer than any other computer criminal has ever been sentenced in the United States. 

Estimated cost: $75 million

Target Stores: Breach Date: 2013, Breach Discovery: 2013-14, Accounts Breached: 110 Million

In 2013, Target announced that hackers had infected the company’s payment card readers and stolen the credit card numbers of 40 million customers. Two months later, the company revealed that the contact information of 70 million more customers had also been compromised. 

Estimated cost: $64 million

The Commonalities Between Major Corporate Data Breaches Hold Lessons for Businesses of All Sizes

If you take a closer look at many of these data breaches, certain patterns begin to emerge. Many major corporations simply haven’t taken the right steps to secure and encrypt their data – especially the payment data and personal information of their customers. Malware also played a role in many of these breaches, which means that companies need to take specific steps to defend against it if they want to keep their data secure.

Finally, it’s important to note that while some companies discovered a breach relatively quickly after it occurred (unlike Yahoo, which didn’t discover its breach for 4 years), many did not understand the full extent of the breach until months or years later. At LinkedIn, a breach first thought to have affected only 6.5 million customers ended up impacting 165 million. Incidents like these mean that businesses need to do a significantly better job at understanding and detecting the full scope of a breach and its potential consequences immediately after it is detected.

In many ways, the business world has a lot of catching up to do when it comes to instituting effective cybersecurity strategies – both in preventing incidents before they occur and in cleaning up and assessing the damage in the aftermath of these incredibly expensive, reputationally harmful, and time-consuming breaches.

To learn more about how our full-service encryption solution can protect your company’s data from a variety of digital threats and help you comply with data security standards, call Prime Factors at 888-963-6358 or reach out through our contact form for a free consultation.

 


Topics: encryption, PCI Data Encryption, PCI Data Security Standards, data breach, encryption keys