There is no escaping the fact that cyberattacks compromise and steal data on a daily basis. Victimized organizations often suffer significant damage—to their operations as well as their reputations—as do individuals who use their services, insurers, and account holders. Such attacks have been the impetus for evolving online practices and the need for companies to quickly adapt to an increasingly dangerous digital environment, essentially shaping the future defense strategies of the industry. As the most impactful and devastating attacks of the 21st century, these massive breaches are now symbols of our shared transformation and the ongoing modifications we are destined to make if we hope to achieve real security in the future.
Yahoo Attack: 2013-2014
In 2013, a cyberattack on the leading internet portal Yahoo impacted the accounts of three billion users and is still, to date, the biggest data breach of all time. The names, birthdates, email addresses, and telephone numbers of 500 million consumers were compromised in the attack. A further breach of Yahoo just a few months later also exposed security questions and answers. As a direct result of these breaches, Yahoo’s value decreased by $350 million, and it was later sold to Verizon Communications through Oath Inc. for $4.48 billion, a far cry from its original $100 billion valuation.
Adult Friend Finder Attack: Oct 2016
October 2013 saw a large-scale attack on 412.2 million accounts of The FriendFinder Network, a site comprised of adult content and casual-meet websites, boasting 60 million global participants. Over a span of 20 years, the Thailand-based attacker(s) gathered the names, physical locations, IP addresses, and password-related information of six different databases to formulate a powerful breach with hefty ransom demands. The passwords were protected with SHA-1 hashing, an inadequate algorithm that was labeled insecure by chief browser manufacturers in 2017. Scandalously, the attacker's location meant that they were not subject to US law enforcement.
Equifax Attack: July 29, 2017
In the aftermath of this devastating, and now rather notorious, cyberattack, 147.9 million consumers across the UK and Canada had their personal information stolen from one of the largest U.S. credit-reference agencies known as Equifax, 209,000 of whom also had their credit card details exposed. The attack was subsequently blamed on an application vulnerability on one of their websites, and although it was discovered on June 29th, Equifax stated that it was possible that the attack commenced some months prior.
eBay Attack: May 2014
In May 2014, an online attack on eBay’s auction service compromised and revealed the Personally Identifiable Information (PII) of 145 million users. The hackers of the multi-million dollar business accessed the company network using the credentials of three personnel and gained internal access to user databases for a period of 229 days. Posing as eBay administrators, they made direct contact with consumers in the form of phishing expeditions and requested password changes. Although the breach caused a temporary reduction in user activity, Chief Executive Officer John Donahoe later reported it had little impact on their bottom line and did not affect future revenue predictions.
Heartland Payment Systems Attack: March 2008
March 2008 was the month that U.S.-based payment processing and technology provider Heartland Payment Systems suffered the loss of 134 million customer credit card details when hackers successfully installed spyware onto the company’s central systems. The technology provider worked with more than 150,000 merchants to SMBs to process multiple card transactions per month, and it was Visa and Mastercard that notified Heartland of questionable transactions. As details of the attack unfolded, it was revealed that Heartland did not adhere to the Payment Card Industry Data Security Standard (PCI DSS). Consequently, the provider was forbidden to process credit card payments until Spring 2009 and was ordered to pay $145 million in compensation for fraud. In March 2010, Cuban-American Albert Gonzalez was sentenced to 20 years in prison after being found guilty of orchestrating the global credit and debit card breach.
Experts predict that the next 9/11 will be a cyberattack, with health and transport infrastructure feeling the most vulnerable. In the same way that a hurricane of catastrophic impact warrants its own name, many believe that the next global-scale cyberattack will also be given a name. There have been no reliable reports suggesting cybersecurity threats are taking a downward turn or becoming less significant or frightening.