These 5 data breaches have left the biggest mark on Americans

Data breaches and hacks hit us at an alarming pace if you follow the news. We’re reminded almost daily of just how fragile our internet-based financial and commercial infrastructure is. The fact that 7 percent, or about $1.35 trillion, of US GDP is generated digitally makes cracking (i.e. criminal hacking) large companies an alluring activity for online criminals.

There are all sorts of ways to categorize and rank these data breaches: some have important political significance and others represent new trends in cybersecurity and online crime. But in light of the recent Capital One breach, the following five are the ones that have had the most devastating and widespread effect on the average person over the years.

Equifax

Probably the most frequently cited and visible example of a data breach, Equifax revealed that its records of consumer spending habits were compromised in September 2017. The data loss exposed the sensitive financial data of more than 145 million consumers in the US, and several million in the UK as well. Its effects also reverberated beyond the intrusion proper to impact US consumers with records held by Equifax competitor TransUnion.

There are a number of factors that rightly cement the Equifax breach as the most serious in history. For one thing, more so than other intrusions, it resulted from a grossly inadequate response on the part of the breached company. After initially learning of the compromise of their enterprise systems, Equifax buried any public admission of failure for five months. The sum total of Equifax’s mismanagement was so immense that it led to one of the rare instances of company executives suffering meaningful consequences, forcing then-CEO Richard F. Smith to resign.

The other element that distinguishes this digital security lapse among so many others is the vividness with which it illustrates how companies that consumers don’t directly do business with handle sensitive information, and how those consumers are adversely affected when that data is mishandled. Two years on, we are still seeing this incident make headlines, with consumers now scrambling to collect their cut of the enormous class action settlement.

Capital One

Only days old, the theft of data from approximately 100 million customer accounts is proving significant enough to reserve it a place in the history books. Already, a criminal investigation into the incident has been opened, and an estimate of the cost in revenue loss and recovery expenditures has been calculated. In all likelihood, the swift response is due not only to lessons learned from Equifax, but also to how unsettling a prospect it is that such a major financial institution could be digitally infiltrated.

The company maintains that much of the more sensitive stolen data is encrypted, but as with the Equifax breach, the cautionary measure of freezing their credit, which consumers are forced to take, involves substantial knock-on effects that will persist for years. The allegedly lone attacker in this case also shows how vulnerable we all are to a single motivated individual bent on sowing chaos.

WannaCry

Although it did not directly touch consumers per se, May 2017’s WannaCry attack shocked many with its mind-boggling global scale. In all, it ensnared upwards of 200,000 victims in over 150 countries, and succeeded in destroying numerous production systems beyond recovery when the ransom couldn’t (or wouldn’t) be paid. As a result, millions of employees around the world were doubtless thrown immediately into crisis remediation mode.

WannaCry easily merits its spot in hacker history for the numerous lessons it taught consumers and the information security industry as a whole. For starters, it illustrated the extent to which a wide array of industries rely on legacy technology that is way out of support cycle, as the attack primarily set its sights on Windows XP devices. This played out in a particularly terrifying fashion when it was able to bring such critical infrastructure as the UK’s National Health Service to its knees despite the relatively small number of victim systems. 

Also, because the exploit supposedly originated with the NSA, and was subsequently leaked via the Shadow Brokers, it clearly demonstrated the unintended second-order consequences of nation-state exploit stockpiling, and the improper handling thereof. All of this combined to induce serious reflection on the state of critical infrastructure security.

United States Office of Personnel Management

An intrusion into the network of the US Office of Personnel Management (OPM) allowed attackers to pilfer the personal information of 22 million US government employees, some of whom had access to classified information. As part of the trove, the intruders were able to make off with more than 5 million fingerprint records.

Even more alarming was how profoundly vulnerable the breach proved the OPM to be. What is commonly regarded as “the OPM breach” was actually two hacks, with the first one occurring in 2013 to steal department documentation (ostensibly in preparation for the subsequent stage) and the second one taking place in 2014 to execute the theft of OPM’s employee data. In fact, Congress was repeatedly warned that OPM was woefully unprepared to fend off an intrusion.

Reporting to this point has laid the blame on China. Regardless of which actors perpetrated the attack, though, the vulnerable position that so many US military and intelligence personnel are in as a result carries serious national security implications that will be felt for decades to come.

Ashley Madison

In July 2015, the accounts of 36 million users of the adultery-facilitating “dating” site Ashley Madison were stolen and dumped on the internet. Because of the illicit nature of the services offered, many of these accounts were only distinguishable by pseudonym. However, while there is no reliable figure for how many real identities it revealed, a number of users were positively identified by credit card information or by the use of work emails, including those belonging to government employees.

What made the hack particularly nasty, and noteworthy, were the resulting attempts to blackmail victims, and the pitched moral battle that ensued in the public sphere. It also fascinated the American public consciousness by the way that it shed light on a murky and taboo aspect of society. Since the data was publicly available, many curious would-be social scientists performed data analysis on it to discern trends. The Ashley Madison breach established itself as a prominent example of a niche case in which a digital compromise roiled society even in the absence of large financial losses.  

Jonathan Terrasi
Former Digital Trends Contributor