As business processes and personal information move online, the number of data hacks is growing. Some are minor and go undetected, while others are so major that they can put an entire company at risk.
A Bloomberg News analysis gathered data on major breaches involving almost 200 corporate, government and non-profit organizations over the course of more than a decade, taking into account breaches of 1 million accounts or more.
Hacks ranged from a few million records exposed to several billion. Some cases involved exposure of emails and passwords only, while in others sensitive personal and financial information was stolen. Technology companies, retail, and financial institutions are the most typically targeted industries, but healthcare providers and hotels have also suffered some high-profile hacks.
Yahoo! shocked the world in 2016 when it confirmed that a 2013 security issue led to user information being stolen for all its 3 billion users at the time. Marriott International announced in 2018 that unauthorized access to a database since 2014 resulted in theft of contact and reservation information for up to 383 million customers, including 9.1 million unique encrypted payment-card numbers and 5.3 million unique unencrypted passport numbers; and Anthem announced in 2015 that hackers obtained personal information and employment data for members of affiliated health plans. Media reports put the tally to 80 million records exposed.
The U.S. Office of Personnel Management has suffered one of the worst hacks among governmental organizations. Attackers took advantage of lax security to its databases in December 2014 and walked away with sensitive personal information (including 5.6 million fingerprint records) on a total of 22.1 million government employees and individuals that had gone through security clearance background checks.
Accessing users’ data doesn’t always result in malicious activities against them, especially when organizations encrypt confidential information like passwords in their databases. However, when Social Security numbers, credit card data and other personal identifiable information and financial records are stolen, customers are in high risk of identity theft.
Data breaches also impact the hacked organizations themselves, which have to go through regulatory scrutiny and pay out big settlements, fines or damages to affected individuals. In the meantime, you can take small steps toward protecting your data by ditching ‘123456’ or ‘qwerty’ from your list of most-used passwords; using different passwords for different services; or resetting your passwords every now and then.