Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The 15 biggest data breaches of the 21st century

Taylor Armerding | July 13, 2017
Security practitioners weigh in on the 15 worst data breaches in recent memory.

In 2014, Sony agreed to a preliminary $15 million settlement in a class action lawsuit over the breach.


10. Anthem 

Date: February 2015
Impact: Theft of personal information on up to 78.8 million current and former customers.
Details: The second-largest health insurer in the U.S., formerly known as WellPoint, said a cyberattack had exposed the names, addresses, Social Security numbers, dates of birth and employment histories of current and former customers – everything necessary to steal identity.

Fortune reported in January that a nationwide investigation concluded that a foreign government likely recruited the hackers who conducted what was said to be the largest data breach in healthcare history. It reportedly began a year before it was announced, when a single user at an Anthem subsidiary clicked on a link in a phishing email. The total cost of the breach is not yet known, but it is expected to exceed $100 million.

Anthem said in 2016 that there was no evidence that members' data have been sold, shared or used fraudulently. Credit card and medical information also allegedly has not been taken. 


11. RSA Security

Date: March 2011
Impact: Possibly 40 million employee records stolen.
Details: The impact of the cyberattack that stole information on the security giant's SecurID authentication tokens is still being debated. RSA, the security division of EMC, said two separate hacker groups worked in collaboration with a foreign government to launch a series of phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network.

EMC reported last July that it had spent at least $66 million on remediation. According to RSA executives, no customers' networks were breached. John Linkous, vice president, chief security and compliance officer of eIQnetworks, Inc. doesn't buy it. "RSA didn't help the matter by initially being vague about both the attack vector, and (more importantly) the data that was stolen," he says. "It was only a matter of time before subsequent attacks on Lockheed-Martin, L3 and others occurred, all of which are believed to be partially enabled by the RSA breach." Beyond that was psychological damage. Among the lessons, he said, are that even good security companies like RSA are not immune to being hacked.

Jennifer Bayuk, an independent information security consultant and professor at Stevens Institute of Technology, told SearchSecurity in 2012  that the breach was, “a huge blow to the security product industry because RSA was such an icon. They’re the quintessential security vendor. For them to be a point of vulnerability was a real shocker. I don’t think anyone’s gotten over that,” she said.


12. Stuxnet 

Date: Sometime in 2010, but origins date to 2005
Impact: Meant to attack Iran's nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.
Details: The immediate effects of the malicious Stuxnet worm were minimal – at least in the United States – but numerous experts rank it among the top large-scale breaches because it was a cyberattack that yielded physical results.


Previous Page  1  2  3  4  5  6  7  Next Page 

Sign up for CIO Asia eNewsletters.