The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:
Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.
Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all.
The data stolen from Equifax included customer’s names, birthdates, social security numbers, driver’s license numbers, and addresses, and the hackers released over 200,000 credit card numbers and more than 182,000 documents containing personal identifying information.
Sony Pictures – 2014
Hackers were successful in wreaking havoc on Sony Pictures by releasing damaging emails sent between Sony employees and discussing what they really felt about some of the world’s top film stars. The hack was in retaliation for Sony’s production of a Seth Rogen film, The Interview, and featured an attempt to assassinate the North Korean leader, and propelled North Korea into international prominence.
Marriott Hotels – 2018
This attack has gained notoriety because the malicious actors behind the scenes had an unprecedented four years with which to move around the Starwood system. The hackers gained access to the names, credit cards, passport numbers, and addresses of millions of people who stayed at the hotel between 2014 and 2018 and no Starwood hotel was left untouched.
Starwood Hotels operate under the brand names of Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Element, and the Luxury Collection.
Ashley Madison – 2015
While this attack was not financially significant, the damage it caused was devastating. When hackers breached Ashley Madison, the “discreet extramarital dating website” in 2015, more than 30 million email addresses and hundreds of credit cards were leaked. The company was sued in 2017 for $11 million as a result of the breach, but the ramifications for some were life-altering.
Target – 2013
Affecting more than 40 million Target customers, cybercriminals were successful in obtaining payment card details. In the years following, Target ultimately admitted the number was even larger, and estimated that the impact reached 110 million of their consumers, resulting in the ousting of Target’s then CIO.
Capital One – 2019
One of the most recent breaches occurred in July when Capital One bank acknowledged that for almost 14 years (2005 to 2019), hackers gained access to the financial information of 100 million Americans and six million Canadians.
The United States
Office of Personnel Management – 2015
Perpetuated by the Chinese government, the attack on the US Office of Personnel Management is considered one of the most significant to ever hit the government in the history of the country.
The hackers gained access to 21 million records of current and former government workers, even including information from background checks of individuals who were not even hired by the government.
First American Financial – 2019
For over 15 years, real estate title insurance company First American Financial was the victim of a breach that exposed over 800 million financial, real estate deeds, loans and other real estate specific files.
Stuxnet – 2010
Formed in collaboration with the United States and Israel, the Stuxnet worm was the first example of government-led cyberattacks on third parties causing infrastructure damage to an opposing force. The worm destroyed over 900 of Iran’s uranium enrichment centrifuges and ruined most of the nuclear program.
The biggest challenge for businesses like yours with cybersecurity is the simple fact that users are unaware of the risks.
Keep in mind that 90% of cyberattacks are a result of human error.
Employees are the weakest link in the chain when it comes to your cybersecurity. Have you taken the time to evaluate your internal policies and security?