Top 5 Data Breaches in History

Written by

Data breaches happen when confidential, sensitive or protected information is exposed to people who haven’t been authorized to access it. These expensive security incidents stem from various causes, including ransomware attacks, physical theft, phishing campaigns and entrusting your cybersecurity to a one-trick password pony.

While many data breaches result from deliberate cyber-criminal acts, a study by Tessian and Stanford University found that 88% of data breach incidents in 2020 happened simply because somebody somewhere screwed up.  

That human error should account for so many data breaches shouldn’t come as that big of a surprise. Sometimes all it takes is accidentally hitting the CC button on an email or neglecting to set a cloud storage device to private.

Last year in the United States, more than 37 billion records were exposed in the nearly 4000 data breaches that were reported. Statistics like these would be shocking if we hadn’t all reached ‘breach fatigue’ years ago.

Data breaches are now so common that there are five-times more data breach victims than cat owners in the United States. To shatter your data breach ennui, here are some of the biggest, strangest or most embarrassing breaches in history.

  1. LifeLock

    LifeLock cofounder and former CEO Todd Davis was the victim of identity theft 13 times between 2007 and 2008. If that makes you want to say “Aww, poor guy,” you must have missed the company’s 2007 ad campaign that was featured online and on TV, billboards and trucks across the United States.

    The campaign depicts Davis wearing an earnest expression and a suit and tie and holding up his social security card. Printed alongside this image are Davis’ name and social security number. In the ad, the company promised to protect its customers against identity theft.

    Taking the ad as an invitation, cyber-criminals posing as Davis obtained a loan and opened accounts with AT&T, Verizon and a Texas utility, leaving Davis with the bills. The Federal Trade Commission later fined LifeLock $12m for deceptive advertising.

  2. FriendFinder Networks

    More than just data was exposed when adult dating and entertainment company FriendFinder Networks sustained the most significant breach of 2016.

    Hackers got their dirty mitts on 20 years of historical customer data after compromising 412,214,295 records stored in databases belonging to Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com.

    Former users who had deleted their accounts must have been gutted to realize that their email addresses were exposed along with those linked to active accounts. Hackers were hardly the ‘friends’ they had in mind when they signed up.

  3. Yahoo

    The once-popular search engine and webmail makes the list for suffering the biggest data breach ever recorded (among other breaches).

    Yahoo said no data was taken during two data breaches in 2012, but the company eventually admitted that cyber-attackers had gained access to an eye-watering 3 billion Yahoo accounts in 2013.

    The following year, another breach at the internet service company impacted over 500 million user accounts. Hackers swiped names, email addresses, birth dates, telephones numbers and answers to users’ security questions — data which later turned up for sale on the dark web.

  4. Boeing

    Data worth $2bn was swiped from aerospace company Boeing in what could be the longest-running data breach in US history.

    Between 1976 and 2006, Greg Chung stole around 250,000 pages of sensitive aerospace documents related to the US space shuttle and military aircraft, including the B-1 bomber. 

    Chinese-born Chung, who changed his first name to Greg when he became a US citizen, stored the stolen documents on makeshift shelves he had installed in crawlspace underneath his home in Orange, California.

    In 2009, Chung became the first American to be convicted of economic espionage and was sentenced to 15 years and nine months behind bars. He died in prison in 2020 from Covid-19. 

  5. Swedish Transport System

    The personal data of nearly every Swedish citizen was leaked in one of the worst government information security disasters of all time. What made this gargantuan exposure worse is that the T Swedish Transport System essentially did it to themselves.

    In 2015, the Transportstyrelsen hired IBM to manage its networks and databases. Then the agency uploaded onto cloud servers an IBM database containing details of every vehicle in the country.

    Next, the agency emailed the whole database to subscribed marketers in messages written in clear text. After discovering their error, the agency tried to fix the mistake by emailing a new list to the subscribers and asking them to delete the earlier one.

    Swedish IT entrepreneur Rick Falkvinge said the incident “exposed and leaked every conceivable top-secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.”

    It then came out that the agency’s director general, Maria Ågren, had put her ink on a deal that allowed IBM staff in Czechoslovakia and Romania with no security clearance to access the database. She was later fired and fined.

If you liked this article, be sure to check out this upcoming Online Summit session:

What’s hot on Infosecurity Magazine?