male hacker dressed in black

What Is A Data Breach & Who Has Been Compromised?

What is a data breach? A data breach occurs when hackers gain unauthorized access to personal customer information due to faulty transactions, technological malfunctions, human error and improperly stored or disposed of data.

According to Statista, in 2018 there were 1,244 documented data breaches with over 446.5 million records exposed. While there were more breaches in 2017 (1,632), this was by far the highest number of records exposed (2009 – 222.5 million).

Data breaches can cripple companies of all sizes, from small local businesses to large multinational corporations, particularly if they don’t have cyber liability coverage to protect them.

Businesses are responsible for notifying those affected and must cover credit monitoring and identify theft resolution costs, on top of research why the breach occurred and ensuring it does not happen again.

…but these cyber attacks don’t only hurt the businesses they occur to. Consumers take a hit too.

Money might be withdrawn from their bank accounts without their consent, and hackers can steal personal information such as emails, passwords, social security numbers and access other identifying information to commit further crimes and damages.

…and these issues don’t just fix themselves. It takes time to change information, get new cards and recover from losses, which takes away from work and other day-to-day priorities.

The larger the company, the more data they store, and the more people are at risk. In this article, we’ll document five of the largest data breaches in recent memory.

Yahoo (2012-2016)

If you had a Yahoo account from January 1st, 2012 to December 31st, 2016, you might have been one of 500 million users impacted by one of the largest data breaches in history.

This includes those who had standard Yahoo email accounts, as well as Yahoo Fantasy Sports & Finance, Tumblr and Flickr.

Malicious actors gained unauthorized access to their system on separate occasions in 2012, 2013 and 2014, but it was not disclosed until 2016. It has been reported that names, emails, phone numbers, birthdays, passwords, and security questions and answers of Yahoo account holders, although Yahoo claims that no data was actually taken.

It was recently announced that a $117.5 million class-action settlement has been filed, where users can get two years of free credit monitoring services from AllClear ID, or up to $358, although most are expected to receive $100 or less. Users have until July 20, 2020 to file a claim, which can be done here.

There are a number of factors to consider when filing a claim, so if you have been impacted we encourage you to read through the link above to learn about your options.

Equifax (2017)

One of the largest consumer credit reporting agencies, Equifax, suffered a data breach in 2017, which exposed 147 million people’s personal information.

Equifax agreed to a global settlement of up to $700 million to help those affected with the FTC, the Consumer Financial Protection Bureau, and all 50 US states and territories.

The personal data stolen, which included names, birthdays, social security numbers, home addresses, drivers license numbers and credit card numbers, opened customers up to identity theft and other criminal risks.

Those filing claims have two options; to receive free credit monitoring and identity theft protection services for up to 10 years, or cash payments, which cap out at $20,000 per person.

Terms and conditions apply so we suggest following the above link for a detailed breakdown.

Facebook (2012-2013, 2016 & 2018-2019)

Facebook has been scrutinized for years about unauthorized data use dating about to 2012-2013, where a year long breach led to the information of 6 million years being exposed, including phone numbers and email address.

They also faced backlash following the 2016 presidential election, when Cambridge Analytica gained access to more than 87 million users data.

Fast forward to 2018, another attack on their computer network led to the exposure of the data of nearly 50 million Facebook users. In this instance, attackers took advantage system flaws in Facebook’s code and gained access to user accounts, with the intent of taking them over.

Most recently in April 2019, the cybersecurity research firm UpGuard reported that over 540 million records on FB users were exposed on Amazon’s cloud computer service. The report stated that there were two third-party app developers that made these record public.

Information exposed including user data, account names, user IDs, reaction/comment details, friends, photos, location check-ins, and most of all, 22,000 users passwords. The companies involved were alerted about the breaches in January of 2019, but nothing was made public until April.

DoorDash (2019)

In September 2019, the food delivery company, DoorDash, announced a data breach through their blog that impacted 4.9 million customers.

While the breach occurred on May 4, 2019, users who joined the site after April 5, 2018 were not impacted.

The culprit was a third-party provider, and users names, email addresses, phone numbers, delivery addresses, and passwords were stolen, along with the last four digits of their credit card numbers. Delivery workers and other merchants had their bank information and drivers license information stolen as well.

Following this, DoorDash took steps to secure customer data, including adding extra layers of security and protocols to govern their systems. They also encouraged all users to promptly change their passwords and monitor their bank accounts.

Zynga (2019)

Last, but certainly not lease, Zynga, a game publisher had over 218 million players data exposed. Don’t know who they are?

They are the makers of Words with Friends and Draw Something, and users had their login information stole. They’re also known for the game FarmVille.

Zynga announced the breach on September 12th, and a notorious Pakistani hacker named “Gnosticplayers” accepted responsibility for the attack.

Additional information taken included user names, emails, phone numbers and Facebook, login and account IDs.

Protection From Data Breaches

Now you know what is a data breach, but that doesn’t mean you’re in the clear.

The best way to prevent a cyber attack is taking proper security measures to protect your customers personal information. Safeguard data, secure your computers and install firewalls.

Educate and train your employees on best practices, and periodically update your own internal login information, keep software up-to-date and properly destroy and dispose of old data.

The next best step to take is getting cyber liability coverage. This insurance will protect your business in the event of a data breach, and cover costs associated with credit monitoring, court costs, data recovery, identity theft resolution, installing future security measures, time spent on notifying customers and more.

If you have any questions about the right cyber coverage for your business, give us a call at (973) 237-1000.