Online Security Breaches, whether intentional or not, have become second nature over the past decade. If the military, major corporations and financial institutions fail to keep your data safe, then who can you trust? While network security engineers and law enforcement have resolved a few of the issues listed below, some are ongoing — even as far back as the AOL Data Leak that occurred in 2006. And, as the years go on, the stories continue with headlines stating that the current data breach is the “largest one ever.” This list of the Top 10 Worst Online Security Breaches provides evidence that might make individuals feel leery about when and how they use the Internet or their credit cards.
Some ways you can protect your information include the time-honored practice of never storing passwords on computers or mobile devices, to use passwords that are difficult to decipher (capital letters mixed with lower case letters, numbers and some symbols), and to consider using tokens or one-time-use codes that only you can receive. Otherwise, don’t click on suspicious links, and never hand out your credit card information or your social security number.
- AOL Search Data Leak: In a seemingly insane public demonstration, AOL released detailed AOL search logs of a large number of AOL users. On August 4th, 2006, AOL Research released a compressed text file on one of its websites containing twenty million search keywords for over 650,000 users over a 3-month period, intended for research purposes. AOL pulled the file from public access by the 7th, but not before it had been mirrored and distributed on the Internet. In January 2007, Business 2.0 Magazine on CNNMoney ranked the release of the search data #57 in a segment called “101 Dumbest Moments in Business.”
- VA Data Breach: In the second-largest data breach on record as of 2006 — and the biggest Social Security numbers breach ever — the Department of Veterans Affairs (VA) disclosed in May 2006 that approximately 26.5 million veterans were at risk of identity theft. According to the VA, an employee violated agency policy and took a laptop with the information on it home, where it was stolen in a burglary earlier that month. In 2009, the VA agreed to pay $20 million to veterans for exposing them to possible identity theft in 2006 by losing their sensitive personal information.
- Pfizer, Inc. Breach: In 2007, this pharmaceutical giant admitted that the personal information of almost 17,000 of its past and present employees was compromised. Pfizer said that the security breach occurred after a company laptop was taken home by an employee and P2P file sharing software was installed on it. This software led to the theft of the personal information. This incident highlighted the importance of implementing controls for preventing either accidental or deliberate data leaks via file sharing or other applications such as instant messaging.
- TJX Companies Breach: The parent company of TJ Maxx, Marshalls, HomeGoods and A.J. Wright stores, TJX Companies Inc., announced in 2007 that its computer system had been hacked and that the personal information of approximately 45.7 million customers had been compromised over a span of nearly two years. Several banks and credit unions around the country and in the other affected regions had to block and reissue thousands of payment cards as a result of the breach. TJX’s disclosure came just days after six Florida residents were arrested for allegedly launching a multimillion-dollar statewide credit card fraud ring using information stolen from the company.
- Heartland Payment Systems Inc. Breach: One of the largest data thefts of all time happened when Heartland, a credit card processing company that handled approximately 100 million credit card transactions each month, was hit by a large security breach in 2009. Three men were indicted later in August for stealing more than 130 million credit cards numbers from Heartland, 7-Eleven, and other companies. At the time of the report, Heartland did not know how long the malicious software was in place, how it got there, or how many accounts may have been compromised. The stolen data included names, credit and debit card numbers and expiration dates.
- Apple Breach: In 2010, more than 114,000 iPad users had their user accounts compromised. The news source said that this included a lot of high-profile users of the tablet, and was likely the fault of AT&T. This security breach exposed iPad owners, including dozens of CEOs, military officials, and top politicians. AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise.
- Sony Security Breach: This exposure of personal data occurred in April 2011. Sony disclosed that the security breach affecting almost 77 million PlayStation Network users, and may also have affected 24.5 million users of Sony Online Entertainment. This may be the largest personal data heist in history. Credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses were at risk.
- Bank of America Breach: 2011 was a stellar year for breaches, including on where a Bank of America employee leaked customer account information to scam artists, which resulted in over $10 million in losses. Some 300 BofA customers in California and other Western states reportedly had their accounts hit, and 95 suspects linked to the breach were arrested by the Secret Service in February.
- Epsilon Breach: In 2011, one of the world’s largest providers of marketing-email services experienced a data breach that may constitute the largest name and email address breach in the history of the Internet. Epsilon handles over 40 billion emails annually, and more than 2,200 global brands. Although no more than email addresses were stolen, various entities warned customers to be on the lookout for phishing campaigns that might ask for confidential information. Even months down the road, customers could get an email masquerading as a message from their bank or credit-card issuer containing poisonous web links.
- Mastercard and Visa Breach: One of the largest credit card heists in the U.S. occurred in March 2012, when Visa and MasterCard information about customers was exposed through using their cards for payment. The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor, reportedly Global Payments, and not their own internal systems. Bank officials said they were told by Visa and MasterCard that the breach occurred sometime from late January to late February, and included what is known as Track 1 and Track 2 data. That includes details like names, card numbers, validation codes, and in some cases, customer addresses.