Data breaches affect millions of people from across the world and they mean hackers get their hands on your data, on your usernames, your email addresses, your physical addresses, and social security numbers.
All the data we share online, whether we’re talking about emails, Facebook posts and likes, photos uploaded to the cloud, and so on, may qualify as cyber secrets, depending on what they contain and the circumstances surrounding the data. There’s certainly something, somewhere, in your accounts that you don’t want others to see. Maybe it’s racy photos, maybe it’s a compromising email, maybe it’s a friendly banter that can be misinterpreted by certain people. It doesn’t really matter what form it takes, because you trust the services you use to keep your data safe, to protect your secrets. But that’s not always the case. Data breaches happen, whether because hackers outsmart companies, or because someone makes a mistake somewhere and leave files unprotected, or an open door that no one sees.
It’s not something that gives anyone any pleasure to admit, but data breaches are a fact of life. And they’re only going to get worse because the data we feed online keeps piling on.
That being said, we wanted to take a look at this year’s worse data breaches. Sure, not all of them may have actually happened during this calendar year, but this is when they were reported by the affected companies. We’re going to take into consideration not only the number of records exposed but also the impact of the data.
The worst data breaches of 2017
3. River City Media – 1.37 billion records
Throughout the whole year, there’s been no breach of this level. In fact, there are few to ever reach this level. Now, while the number is immense, the information contained in the breach is actually data that was, mostly, already online in some form or another.
River City Media is, officially, an email marketing firm. In truth, it’s pretty much a spam operation that sends up to a billion messages a day. The data that was left unprotected by the company includes email addresses, combined with real names, some IP addresses, and even physical addresses.
2. VK – 171 million
Russia’s version of Facebook, called VKontakte, announced a serious data breach back in June. A hacker managed to get his hands on 171 million user accounts associated with the social network.
The data trove includes full names, email addresses, and, perhaps the worst part of it all – plain-text passwords. There was also location information attached to many of the records, and phone numbers.
Now, the social network has some 350 million users, but back in late 2012 or early 2013 when the hack took place, there were under 190 million users. This means that almost every last one of VK’s users were affected by the data breach.
1. Equifax – 143 million
The numbers may not be the highest for Equifax’s data breach, but the sensitivity of the stolen data brings it to the top of the list. Equifax is a credit reporting agency, which means the amount of data it stores on Americans is staggering.
Real names, social security numbers, addresses, credit card numbers, driver license numbers, birth dates, and more were included in the data pile. Surprisingly, the IRS wasn’t too concerned with this, since they believe a big part of this data pile was already online somewhere, as part of other breaches.
One important mention regarding this year’s data breaches goes to Yahoo. The company conveniently announced after the Verizon acquisition completed, that those 1 billion accounts affected in the 2012 data breach was much larger – 3 billion large. So if you had a Yahoo account back then, you were affected. The company isn’t on the list because the data breach isn’t anything new, just the magnitude suffered a change.
Kaspersky also figured out it had suffered a pretty serious data breach after it was accused of spying on the US government. Frankly, the whole Kaspersky story was a big mess this year. It seems that Israeli intelligence officers hacked into Kaspersky Lab software and figured out Russian hackers were using the antivirus tool to access classified info from the laptop of one NSA contractor.
The reality was that one contractor brought work home with him, on his personal computer which was running Kaspersky. The antivirus detected a file that it thought was suspicious, which was actually NSA-made. Automatically, the report went back to the company’s servers and, apparently, the Russians picked it up. The antivirus was just doing its job. Now, Kaspersky is banned on US government computers.
This has been a pretty big year for data breaches and we can only hope that next year won’t bring even more mishaps. Reality, will, however, be quite different.