Biggest Data Breaches of All Time

A data breach occurs when personal information is accessed, disclosed without authorisation or is lost. This may occur in a physical sense — for instance, if you were to lose your wallet and it contained your driver’s license and bank cards — but in the 21st century, this type of security breach is much more likely to occur on a mass, digital scale.

As consumers, we hand over enormous amounts of personal information to commercial, corporate and governmental bodies on a daily basis. Whilst these organisations usually do everything that they can to ensure data is stored in a safe and secure manner, breaches do still occur and usually at the hands of cybercriminals.

Data breaches can be devastating, both to the victims and the organisations who have been hacked. On an individual scale, data breaches can result in the circulation of personal information on the dark web which usually leads to identity theft. For an organisation, large data breaches often result in a loss of consumer trust and on occasion, large financial penalties.

With all of this in mind, let’s take a look at some of the most notable data breaches of all time as well as the steps you should take to safeguard your personal information online.

Notable data breaches

LinkedIn

As one of the world’s biggest social networking sites, LinkedIn is no stranger to data breaches. In 2012, the company announced that around 6.5 million login details were stolen by hackers and posted onto a Russian cybercrime forum. In 2016, the true number of affected users was revealed to be upwards of 165 million.

The man responsible for the crime, Russian hacker Yevgeniy Nikulin, was recently sentenced to seven years in prison for his role in remotely hacking into the LinkedIn network, installing malware and stealing login credentials.

Ashley Madison

A website that marketed itself as an online dating service for those who are married or in relationships, Ashley Madison made worldwide headlines in 2015 when it was revealed that 32 million users had fallen victim to a data breach. Names, passwords, addresses, phone numbers and financial transaction records were all dumped onto a dark web site.

At the time, Ashley Madison had a graphic on their website that described their services as ‘100% discrete’ — whilst the website still operates, that slogan has certainly been removed.

This particular data breach had devastating real-world impacts, with thousands of individuals forced to confront the fact that their partner had been involved in an extra-marital affair.

Marriott International

One of the world’s largest hotel chains, Marriott International was victim to one of the world’s biggest data breaches in 2018 when over 339 million customer records were revealed to have been stolen.

Cybercriminals initially attacked the Starwoods Hotel Group in 2014, which was acquired by the Marriott Group two years later. It was not until 2018 that Marriott realised that their databases had been compromised, during which time it is estimated that the credit card numbers and expiry dates of over 100 million customers had been stolen. Names, email addresses, phone numbers, passport details and arrival/departure information were also made freely available to the hackers.

Marriott International paid heavily for their prolonged negligence and were fined £18.4 million by the Information Consumer’s Office for failure to safeguard customer records. Unfortunately, it does not appear that they learnt from their mistakes; in 2020 it was announced that 5.2 million customer records had been stolen by hackers who had obtained the login details of two employees.

Canva

An Australia graphic design platform, Canva has sky-rocketed in popularity over the past few years due to its easy interface and beautiful designs.

In 2019, the start-up was victim of a mass data breach that affected an estimated 139 million users. Email addresses, usernames and encrypted passwords, names and cities of residence were all exposed.

Canva released a statement saying no financial details had been breached and due to the high level of password encryption, they did not expect any user credentials to be compromised.

Protect your online data

As the above examples demonstrate, there is often very little that you can do to safeguard your personal information from cybercriminals, particularly once it is in the hands of large corporate organisations.

Nevertheless, there are many different types of cyber security that you should be aware of in order to safeguard your online privacy.

• Use strong passwords: Create passwords that include a combination of uppercase and lowercase letters, numbers and special characters. Never use the same password twice on two separate accounts and change your passwords fairly regularly — at least three times a year.
• Use multi-factor authentication: Multi-factor authentication is becoming an increasingly popular cyber security tool as it requires an individual to possess login details and a secondary piece of evidence to gain access to an account. This is often another device that has an authentication app installed. Should your information be obtained through a security breach, cybercriminals still will not be able to access your account.
• Monitor your financial accounts closely: Should you notice any suspicious behaviour or transactions that you don’t recognise, immediately contact your financial provider.
• Consider dark web monitoring: Dark web monitoring is a service offered by many internet security companies that can alert you should your personal information be found on the dark web. Whilst there is little that you can do to remove data from the dark web, you can take proactive steps (such as contacting your bank and governmental organisations) to mitigate any damage.