How GDPR is building a better future
According to a recent research article posted in Dark Reading, the total number of data breach incidents reported in Q1 of 2020 might have declined due to an interruption in the reporting process caused by the Coronavirus quarantines. Still, the number of recorded privacy data exposures skyrocketed, with an astounding 8.4 billion personal data records exposed online, a 273% increase from Q1 2019.
The largest privacy data exposure incident recorded in Q1 2020 was the result of a misconfigured ElasticSearch cluster that compromised 5.1 billion records. It was not the result of an attack. Rather, it was a technical error.
The possible lack of reporting during a pandemic and the unprecedented exposure of privacy data in Q1 of 2020 both represent the challenges businesses face in regard to GDPR compliance. And it isn’t just large global corporations.
An article in Small Business Trends recently found that 28% of the privacy data incidents in 2020 came from small businesses.
These are the dangers that the GDPR was designed to address. For a look at how the data breach incidents of the past decade have brought the issues of privacy data to the forefront of consumer confidence and privacy legislation, here are our top 7 biggest data breach incidents of all time.
In October 2013, nearly 153 million Adobe user accounts were compromised. With an allegedly weak encryption system in place, hackers circulated an unencrypted, plain-text list of user details including usernames, emails, encrypted passwords, debit card information–and even each user’s password hint. Adobe later paid to settle a million-dollar lawsuit related to the breach.
Online powerhouse eBay reported a hack in May 2014 that affected all 145 million of its users. This devastating breach involved the misuse of the credentials of three corporate employees in accessing the company’s user database. eBay encouraged customers to change their password after details–such as dates of birth–were made available. eBay believed that the breach may have taken place as early as a month earlier.
Consumer credit reporting agency Equifax reported that its records were compromised on July 29, 2017–and perhaps earlier. On September 7, it announced that 147.9 million customer records had been compromised. Worryingly, the exposed data included an array of information, including social security numbers and, in some instances, driver's license numbers. The company was criticized in some quarters for its lax policies in patching its server software.
Professional social network company LinkedIn was seemingly hit twice by a data breach. In 2012, hackers accessed and released 6.5 million passwords. Unfortunately, at that time it had not encrypted its users' passwords, so by the time the information was posted on a hacker forum, all it could do was alert its customers to change their passwords–and quickly! By 2016, LinkedIn belatedly realized that as many as 165 million accounts may have been affected.
Also in 2016, social media company MySpace announced that a whopping 360 million user accounts were hacked and offered by the same entity selling information from the LinkedIn data breach. At the time, this was one of the largest data breaches ever, even though only accounts created before 2013 seemed to have been affected. Approximately $3,000 worth of Bitcoin was the hacker’s asking price for this information.
Chinese social media giant Sina Weibo announced in March 2020 that an astounding 538 million user accounts had been compromised and subsequently sold on the so-called darknet. While the company claimed that user passwords remained encrypted, the information was nonetheless valuable, as it included user geolocation data.
While many of the breaches listed appear immense, they pale in comparison to the total 3 billion individual accounts that internet pioneer Yahoo reported compromised in September and December 2016. While user passwords were encrypted, other information, including dates of birth and telephone numbers, was readily available as a result. This hack remains the world’s single biggest data breach.
Not all data breach incidents are preventable. If your company is handling sensitive information, it is a certainty that you will—at some point—need to manage a breach, loss, or exposure incident. Where GDPR applies, the management of breach incidents will determine the level of consequences your business will incur.
The Data Breach Management Tool (DBMT) was designed to help security teams manage incidents and automate critical processes so that your business can accurately assess the breach and meet its reporting guidelines.
Would you like to know more? We invite you to contact us. We would be happy to have a conversation with you regarding our product and how it can help you to protect your business and your reputation in a dangerous world.