We live in a digital world, and with the advent of social distancing that will only increase. As more daily activities move online, bad actors will likely follow. Looking back over the years, we have seen far more awareness and publicity of the destructive potential of both data and security breaches online. Although some of the more recent years pale in comparison with some previous years, and the terrible Yahoo breach of 2013 in particular, there is still obviously much to learn and improve upon for optimum cyber-security.
Although the largest hacks often make the headlines, we can all do something to protect our own personal data, such as using firewalls and VPNs and making sure we update our software whenever it prompts us to do so.
There are also many online IT security programs for those who are interested in making a career out of IT security. There is no denying that this is one of the most booming industries at the moment. The demand for security professionals is currently outweighing the supply. This makes it an exciting industry to get involved in, and one that will pay well.
Irrespective of your role in the world of security, whether you want to make a career from it or you’re concerned about your business’s security, we can learn from breaches that have been and gone, from government websites to private company breaches of account data. Here are the 10 most embarrassing data breaches of recent times that we can learn from.
1. Aadhaar
Aadhaar is a 12-digit identification tool for Indian residents. It consists of both biometric and demographic data. With some 1.22 billion users, it was a huge embarrassment when, in January 2018, it was announced there had been a data breach, potentially compromising the personal information of all its users. This came to light in an article published by the Tribune News Service alleging that Aadhaar login data could be purchased from active sellers using WhatsApp for just 500 rupees, and that it could be delivered in just 10 minutes. These data leaks offered everything from a citizen’s contact information to their very own ID card. By sheer volume, this was the largest breach of 2018.
2. Marriott International Hotel
At the end of 2018, Marriott reported a hacking breach of personal information of up to 500 million of its guests internationally. Even more embarrassing for Marriott has been the confirmation that encrypted payment card numbers have also been stolen. This certainly casts doubt on how large service industry companies can protect customers and consumers.
3. MyHeritage
MyHeritage, the genealogy site which offers detailed family trees and genetic plotting, confirmed the breach of at least 92 million accounts. The incident was found only when a security researcher located an archive from a third-party server containing the stolen details. In response to this embarrassing leak, MyHeritage have confirmed they will be rolling out two-factor authentication for users. What’s more, MyHeritage made this information public after the EU’s new GDPR legislation forced the security incident to be disclosed.
4. Facebook
Facebook has been in the crossfire for some time now, especially for its role in the Cambridge Analytica breach. This was magnified even further when it was revealed that up to 50 million of their users have had their details stolen in the largest security breach in Facebook’s history. Even more embarrassing for Facebook’s public relations woes has been the covering up of the breach, as well as the censoring of such news by Facebook’s spam filter.
5. Under Armour
The popular US fitness brand took a hit when its associated software, MyFitnessPal, recorded the theft of data belonging to some 150 million potential users. Although the company has assured consumers that the data is strongly encrypted, it paints a dark and foreboding image of the uses of mobile tracking technology and how this information can be leaked, stolen and shared. Less embarrassing is the transparency Under Armour has shown in making this news public; something that Facebook could learn from.
6. Google Plus
Another internet giant experiencing a bad time in the world of data breaches was Google, with issues ranging from controversy regarding self-censorship in China to their allowing Gmail app developers to have access to private emails. They also experienced a major security breach that has led to their Google Plus platform being shut down. This embarrassing episode saw 500,000 users’ private information breached and stolen due to an API bug. Google’s worries worsened when it was revealed that this information was kept from the public before the bugs were fixed, all at the behest of Chief Executive Sundar Pichai.
7. Ticketfly
The ticket distributor Ticketfly was hacked a couple of years ago, with up to 26 million email and home addresses stolen. Ticketfly’s parent company is Eventbrite, who took some time to acknowledge and verify the hack, after which it was taken down temporarily. The information leaked did not include credit card or password information, but it was still enough to take Ticketfly off the internet.
8. The US Centers for Medicare & Medicaid Services
This US government agency experienced a data breach that exposed the personal information of some 75,000 individuals in October 2018. Although this is just a fraction of those records kept on file, it is an embarrassing position for a government agency to be in.
9. SingHealth
Singapore’s SingHealth was hacked last summer, making it the biggest cyberattack in Singapore’s history. Hackers stole 1.5 million patients’ data and records, including those of Singapore’s Prime Minister, Lee Hsien Loong. The hack was organised specifically to identify Lee’s medication records as he has suffered and recovered from cancer in the past. In response to the hack, SingHealth’s IT systems have been updated and reset – with tighter controls over workstation access.
10. British Airways
British Airways were the subject of a malicious cyber-attack in August 2018. 380,000 of their customers had their personal details (including card information) hacked from both its website and online app. This was doubly embarrassing for British Airways, as they had previously faced a significant computer system failure in 2017, drawing great concern and criticism of their competence under new management, and highlighting the importance of cybersecurity and good data recovery services for us all.
This article is a partnered post that contains affiliate links.