This year is shaping up to be the “year of the data breach”. Almost every week this year so far, a company data breach has made the news. We decided to put together a list of the worst company data breaches to date in chronological order.
TJX Companies Inc.
Damage: At least 46 million records compromised; Cost the company $256 million
The TJX data breach was the biggest theft of consumer data in the United States when it was first discovered in 2007. The breach affected customers of Marshalls, T.J. Maxx, and HomeGoods. Over 45.6 million credit and debit card numbers was stolen over the period of 18-months. Reportedly 450,000 TJX customers also had their identity information stolen, including driver’s license numbers.
Heartland Payment Systems
Damage: 130 million records compromised
The Heartland data breach was the largest since the TJX breach. Over 130 million credit and debit card information was stolen. Heartland Payment Systems processed payments for more than 250,000 businesses across the country. For this breach, the hackers planted malware on Heartland’s data network and recorded card data as it arrived from retailers.
In 2010, Albert Gonzalez, the mastermind behind the Heartland breach (as well as the TJX breach), was sentenced to 20 years in prison. This is the longest sentence for a computer crime in a U.S. court.
Sony online entertainment services
Damage: 102 million records compromised; Cost the company $171 million
In April of 2011, unknown hackers targeted the PlayStation Network, which provides the home game consoles, Sony Online Entertainment, which hosts online multi-player online PC games, and Qriocity video, a music-streaming service.
Sony initially thought the personal information of 78 million PlayStation users, including login credentials, names, addresses, phone numbers, and email addresses, had been exposed. Investigators then discovered the attackers also targeted Sony Online and Qriocity, which brought the tally up to by 24.6 million. Also, the credit card data of approximately 23,400 users in Europe were also exposed.
Following the breach, the PlayStation Network went dark worldwide for more than three weeks.
Damage: 110 million records compromised; cost the company $162 million
In December of 2013, Target announced that hackers infected the company’s payment-card readers. Stealing over 40 million credit and debit card numbers have been, the hack happened during 2013 post-thanksgiving shopping.
In January 2014, Target announced that the contact information, full names, addresses, email addresses and telephone numbers, of 70 million customers had also been compromised.
Damage: 56 million payment cards compromised
In September of 2014, Home Depot finally announced that it was the latest victim of a data breach. In April or May of that year, their carder readers in stores in the US and Canada were infected by a malware that pretended to be antivirus software. The program stole customer credit and debit card information.
Damage: 69 million to 80 million records compromised
In February of 2015, Anthem, the second-largest health insurer in the U.S., revealed its customer database had been breached. Stolen data included names, addresses, dates of birth, Social Security numbers and employment histories; pretty much the holy grail of identity theft. It’s reported that close to 80 million current and former customers have been affected, including children.
Important to note
Sony Pictures Entertainment
Damage: Company’s inner workings completely exposed
Although this breach didn’t affect consumers, it still important to point out what hackers are capable of.
On Nov. 24, 2014, staffers at Sony Pictures Entertainment had their computer screens hijacked by a grinning skill. The Guardians of Peace said it had taken over the corporate network and would release detailed information about the company online if their demands weren’t met.
Over the course of the next few days, Sony Pictures internal data started appearing online, including social security numbers and scanned passports belonging to actors and executives, unpublished scripts, marketing plans, financial and legal information and even four unreleased Sony movies.
Over 45,000 employees and people who were paid by the company over the years were placed at high risk of identity theft. Rival movie studios got an inside look at everything Sony is doing and their next moves.
In addition to that, damaging conversations were leaked in which Sony executives bashed and disrespected their top talent.
The motive of the breach is still being debated. Whatever the cause, the breach threatened the survival of Sony Pictures Entertainment as a company and may be the most damaging internal corporate data breach ever.
Many companies have been hit more than once by hackers. What security measures do you have in place to protect your business in the event of a data breach? Contact IPR today at 877.282.4873 or head over to iprsecure.com/contact-us and allow us to prepare the right plan for your business.