Data is an asset—a valuable and highly sought-after asset. When cybercriminals gain unauthorized access to data, this is referred to as a data breach. A data breach is also commonly referred to as a cyber attack, a term that refers to the computer and the acquisition of raw information obtained from it. However, you look at it, lost, stolen, or compromised data is scary, frustrating, and daunting.
Think about the last time you visited your doctor’s office—the forms you filled out, the questions you answered. Or how about the time you applied for a credit card online, the blank spaces you filled in with all your personal information, such as your name, address, and social security number?
In today’s day and age, the information that banks, healthcare companies, and other institutions collect from you is stored on systems designed to keep your information safe. So, when you supply this information, you do so with the rightful expectation that sensitive information will be protected from criminals determined to secure data that does not belong to them.
It’s not only individuals like you who take comfort in knowing that their data is safe. Businesses and corporations store, process, and even share data related to their finances, customers, employees, and business operations. They invest in data protection so they can shelter their resources and function normally from one day to the next.
While data protection continues to advance and offer technologies such as encryption and multi-factor authentication, it’s not always foolproof. In fact, that’s why we’re here: the United States has experienced its fair share of data breaches throughout the years, data breaches so crippling that individuals, business owners, and corporations remain fearful of the threat and the implications that accompany a data breach.
Credit reporting companies exist to give you a helpful credit report that highlights your credit activity, current credit situation, and the status of your credit accounts. Equifax is one of those companies, and in 2017, they reported a massive cyber attack that had gone undetected for nearly three months. The successful hackers exploited a vulnerability in a third-party web portal, which allowed them to steal the personal data of 148 million U.S. citizens. In some cases, that personal data even included their driver’s license numbers. According to the Electronic Privacy Information Center, the data breach is “unprecedented in scope and severity.”1 The final settlement required Equifax to provide all U.S. consumers with six free credit reports per year—a solution that aims to protect consumers and give them added peace of mind, which can go a long way following an unexpected data breach.
Social media giant Facebook seemed unprepared to deal with the approximately 530 million users worldwide whose Facebook IDs, locations, email addresses, and other user profile details were stolen. Users’ information was stored in an unprotected server database and then posted to an amateur hacking forum. Even after the server was taken down, Facebook seemed to suggest that the damage had been done, that data was likely scraped before they managed to disable a specific feature that enabled users to search for others by simply plugging in their phone numbers. Worse yet, Facebook chose not to notify its users.2 Facebook faced widespread criticism regarding user privacy, but their troubles haven’t stopped because other data breaches have occurred as recently as this year.3
LinkedIn is a platform where you can post your resume, build your professional network, and connect with colleagues and other professionals representing a wide variety of industries. Unfortunately, LinkedIn was at the center of a cyber attack in the spring of 2021. A hacker performed what’s known as a data scrape, which enabled him to post the sensitive information he collected for sale on the dark web. Over 700 million users were affected by this data breach. Interestingly, LinkedIn reiterated that since no sensitive, private personal data was leaked, the data breach should be viewed as less a breach and more a violation of terms of service.4 That begs the question, How does a data breach differ from a violation of terms of service? Some would argue that there is no difference. A hacker that receives access to your full name, email addresses, phone number, workplace information, and more—and then sells it—can put you and other innocent victims at risk of identity theft, credit card fraud, and more.
It’s 2019. May, to be exact. First American Financial Corporation, a real estate title insurance company, discovered that approximately 885 million sensitive records (bank statements, account numbers, and mortgage payment documents, just to name a few) could be viewed by anyone who had access to a link—a link that should have been protected by verification or authentication measures. Even though this was classified as a data leak, not a data breach (the difference being that no hackers were involved), a significant design flaw in their website allowed unrestricted access to private information.5 That said, whether you call it a data leak or a data breach, the outcome was the same: once the information became public and the red flags were raised, First American Financial Corporation faced lawsuits and other repercussions because consumers were unhappy with their lack of due diligence when it came to protecting the data with which they were entrusted.
The Yahoo data breach goes down as the most significant data breach in United States history. Beginning in 2013, hackers gained unauthorized access to what would become a total of 3 billion user accounts. What’s more, per the New York Times6, Yahoo initially estimated that 1 million users were affected. Basic information such as names, addresses, phone numbers, birth dates, hashed passwords, and answers to security questions were stolen. Yahoo’s snail-paced response to the breach turned out to be a colossal mistake; 41 class-action lawsuits, a $35 million fine, and a significant drop in Yahoo’s sale price to Verizon were all repercussions of what remains the largest data breach in the United States.
Privacy: we all deserve it. Hackers, of course, would disagree because each successful cyber attack they carry out allows them to gain access to information they can use to their advantage.
As bothersome as it is to know that your data can be stolen, take comfort in knowing that there are complex systems in place that are designed to “outsmart” hackers and retain the integrity of your data within the specific systems that store it.
Every historic data breach that we’ve covered in this article emphasizes the vulnerability of computers and the sensitivity of the information we share. Even though one data breach after another led to lawsuits, regulatory fines, and even congressional hearings, there were lessons learned along the way. Companies addressed the damage and took a proactive approach: many invested in upgrading their data protection infrastructure.
Hackers will continue to hack—or at least try to—but comprehensive encryption, regular security audits, and other sensible strategies can prevent them from violating user privacy. That said, every unsuccessful hack is a victory; every detail kept confidential is a testament to the technology continuously being built and improved in an effort to protect organizations, individuals, and networks from unwanted and unscrupulous cyber attacks.
If you are concerned that your data may have been stolen in the past or are at risk, GOV+ can help you stay ahead of potential threats with our Identity Theft Protection solution and instant alerts about any fraudulent activity to your credit profile.
Sources: