By Tanushree Dubey
Published on: October 14, 2023 at 11:00 IST
In the digital world, data is a basic necessity of our daily lives. It’s what ties us to our personal details and financial records, forming the very essence of our digital existence. Yet in this digital realm there is also the shadowy threat of cybercriminals, who prey on this valuable resource and cause data breaches that affect us all and threaten the right to privacy as well. In this article, we’ll understand data breaches and discuss some of the most significant data breaches that have happened across the world.
Understanding Data Breach
The terms ‘data breach’ and ‘breach’ are often used alongside ‘cyberattack.’ However, it’s important to note that not all cyberattacks are data breaches, and not all data breaches are the result of cyberattacks.
A data breach is like a digital intrusion where unauthorized individuals break into secure systems to access sensitive information. This information can range from personal details, such as your Social Security number, bank account information, or medical records, to critical corporate data like customer records, intellectual property, and financial data.
Data breaches specifically involve incidents where the confidentiality of data is compromised. For instance, imagine a scenario where a relentless cyberattack floods a website, rendering it temporarily inaccessible. This, however, isn’t considered a data breach. On the other hand, picture a situation where a malevolent ransomware attack locks down a company’s customer data, and the attackers threaten to sell it unless a ransom is paid. That, indeed, is a data breach. The physical theft of hard drives, thumb drives, or even paper files containing sensitive information is another example of a data breach.
Data Breaches that have happened around the world
Yahoo Data Breach (2017)
Date: October 2017
Impact: 3 billion accounts
The company disclosed a massive data breach that had taken place back in August 2013. Initially reported as affecting 1 billion accounts, this breach revealed the compromise of security questions and answers, highlighting the potential of identity theft. Yahoo, amid negotiations to sell itself to Verizon, reported the breach on December 14, 2016.
Users were required to reset their passwords and re-enter any unencrypted security questions and answers. However, the story took a darker turn when, by October 2017, Yahoo revised the estimate to a staggering 3 billion user accounts. Thankfully, an investigation revealed that users’ passwords in clear text, payment card data, and bank information were not stolen. Nevertheless, this is one of the largest data breaches in history.
Aadhaar Data Breach (2018)
Date: March 2018
Impact: 1.1 billion people
The personal details of over a billion Indian citizens stored in the world’s largest biometric database, Aadhaar, could be purchased online. This massive breach resulted from a data leak on a system managed by a state-owned utility company, exposing the names, unique 12-digit identity numbers, and bank details of Aadhaar holders.
The breach was catastrophic, revealing photographs, thumbprints, retina scans, and other identifying details of nearly every Indian citizen. It’s an incident that underscores the gravity of data breaches and their far-reaching consequences.
Facebook Data Breach (2019)
Date: April 2019
Impact: 533 million users
Facebook faced a significant data breach, with over 533 million records exposed to the public internet. This breach included data from third-party Facebook apps, one of which originated from the Mexican media company Cultura Colectiva. The exposed data encompassed comments, likes, reactions, account names, Facebook IDs, and more.
The situation took a darker turn when the database was leaked on the dark web for free in April 2021, adding to the criminal exposure of data initially exfiltrated in 2019. This made Facebook one of the largest companies to be hacked in 2021.
These data breaches are reminders of the critical importance of data security today. They serve as cautionary tales for individuals, companies, and governments to continuously strengthen their cybersecurity measures to protect information and mitigate the far-reaching consequences of data breaches.
Domino’s India Data Breach (2021)
Date: May 2021
Impact: 1 million customers
Domino’s India, a well-known pizza brand, faced a massive data leak that affected 1 million customers. The breach exposed personal information of customers, including names, addresses, delivery locations, phone numbers, and email IDs. Shockingly, this data breach extended to a staggering 18 million orders placed through Domino’s mobile and computer systems.
This incident serves as a reminder that even widely recognized brands are susceptible to data breaches. It highlights the need for continuous vigilance and robust data protection measures, emphasizing the importance of safeguarding customer data from cyber threats.
Air India Data Breach Incident (2021)
Date: February 2021
Impact: 4.5 million global customers
Air India, the national airline of India, experienced a severe data breach that compromised the records of a total of 4.5 million global customers. The exposed data spanned from the years 2011 to 2021 and was attributed to unauthorized access to its Data Management Service Provider, SITA PSS.
In response to the breach, Air India promptly notified its users, urging them to update their passwords as a precautionary measure against potential misuse of their compromised data. This incident had far-reaching consequences, as it also impacted Star Alliance and One World Airlines, which relied on SITA to manage their databases.
The Air India data breach serves as a reminder of the urgent need for stringent data security measures, to protect sensitive information from unauthorized access and cyberattacks. It underscores the critical importance of safeguarding the privacy and trust of customers and clients.
Alibaba Data Breach (2022)
Date: July 2022
Impact: 1.1 billion users
Chinese e-commerce giant Alibaba faced a significant data breach, affecting 1.1 billion users. The compromised data included users’ names, ID numbers, phone numbers, physical addresses, criminal records, and online papers. Most notably, over 23 terabytes of data had been compromised from Alibaba’s cloud hosting servers, Alibaba Cloud, which is the largest public cloud service provider in China.
The breach was first announced by a hacker through online forums, and it revealed a glaring security lapse. Alibaba faced criticism for leaving critical servers unprotected, even though they handled extremely sensitive government information. This was not the first breach, as they had faced a similar incident just a year earlier, highlighting the need for robust security measures.
MOVEit Data Breach (2023)
Date: June 2023
Impact: Over 200 organisations and up to 17.5 million individuals
A significant breach of the file transfer tool MOVEit reverberated across the digital landscape, affecting over 200 organisations and potentially exposing the personal information of up to 17.5 million individuals by July 2023.
Multiple federal agencies, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services, were among the victims, alongside a large number of educational institutions across the U.S. This incident also reached the corporate world, with companies like Shell, Siemens Energy, Schneider Electric, First Merchants Bank, and City National Bank confirming their involvement.
The breach originated from a critical security flaw in MOVEit’s software. Though MOVEit acted quickly to patch the vulnerability, the hackers had already gained access to a wealth of sensitive data. The Clop ransomware group, linked to Russia, has claimed responsibility for the breaches and threatened to publish the stolen information on the dark web.
The MOVEit data breach emphasizes the ongoing cyber threat landscape and highlights the necessity for robust cybersecurity measures in safeguarding sensitive information from increasingly audacious attacks.
T-Mobile’s Data Breach (2023)
Date: January and May 2023
Impact: Millions of customers affected
T-Mobile endured two data breaches that dealt a severe blow to customer trust. These breaches marked the ninth security incident for the company since 2018.
January 2023: T-Mobile detected a breach that occurred in November the previous year, compromising the personal information of over 37 million customers. The company’s rapid response allowed them to contain the breach within a day.
May 2023: In a distressing turn of events, T-Mobile announced its second breach of the year, impacting over 800 customers and exposing their PINs, full names, and phone numbers.
Beyond security concerns, these incidents threatened to impose substantial financial expenses on T-Mobile. These breaches came on top of the $350 million settlement they had agreed to pay related to a data breach in August 2021. T-Mobile’s struggle with data security not only incurred significant financial losses but also eroded customer trust, as multiple breaches exposed personal information.
These data breaches serve as a reminder of the critical need for ongoing cybersecurity efforts in an environment where customer trust and financial stability are at stake.
Yum! Brands (KFC, Taco Bell, & Pizza Hut) Data Breach (2023)
Date: April 2023
Yum! Brands, the parent company of fast food chains KFC, Taco Bell, and Pizza Hut, disclosed a cyber attack that had occurred in January of the same year. Initially, the company believed the attack primarily impacted corporate data. However, they later adopted a cautious approach and began notifying employees who may have had their personal data compromised.
A Yum! Brands representative stated to Electric, “In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cybersecurity incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.”
The fallout from this attack was significant. In January, Yum! Brands had to close nearly 300 locations in the UK. Furthermore, the incident continued to incur costs for the company, as they invested in heightened security measures, alerted customers, and grappled with the impact on brand perception.
This data breach serves as a reminder of the far-reaching consequences of cyber attacks, impacting not only corporate data but also employee and customer trust, financial resources, and brand reputation.
SBI Employee Data Breach (2023)
Date: July 2023
Impact: Information of 12,000 employees
In a concerning data breach, personal information of over 12,000 State Bank of India (SBI) employees was exposed on Telegram channels. This data included names, addresses, contact numbers, PAN numbers, account numbers, and photo IDs.
The breach was uncovered when a Telegram channel named @sbi_data posted a file on July 8, containing the employees’ personal information. The channel’s bio ominously read “Spread Chaos Comrades!”, and the file, titled “SBI Employee Data Dump,” quickly spread across various channels and social media platforms.
The threat actor not only exposed employee data but also claimed access to the financial details of millions of consumers. To worsen matters, they asserted that the compromised data had been shared on publicly accessible leak forums.
Screenshots of SBI account balances and transactions were also posted, revealing extensive financial information. This data breach serves as a reminder of the critical need for robust cybersecurity measures to safeguard sensitive information.
Conclusion
Data breaches have emerged as a global menace. They threaten the very core of our digital lives, encompassing personal information and financial records. However, data breaches are more than just numbers and statistics; they impact individuals, organizations, and governments, with real human stories at their heart.
The message is clear: robust cybersecurity measures, responsible data management, and public awareness about data protection are paramount. Data breaches transcend data; they affect trust, privacy, and individual security. It’s imperative to remember that behind each data breach are real people whose lives have been disrupted. Safeguarding data isn’t just a responsibility; it’s a commitment to preserving the privacy and well-being of individuals on a global scale.