When enterprise networks and the data records they store are infiltrated by cybercriminals, the consequences can be catastrophic and costly.
The larger the company, the more information they keep, multiplying the damage done when this private data is exposed. All businesses have an obligation enforced by data regulators to put appropriate measures in place to safeguard both employees’ and clients’ personal information that they retain.
If, following a data breach, an enterprise is judged to have failed in putting adequate defences in place or found to withhold information, they will be held accountable and can incur massive fines from regulatory authorities. Those who have their information exposed may also seek compensation for this disclosure, adding to the cost. This is not where the damaging effects stop however; forensic investigations can be costly, there will be system downtime while incidents are inspected and analysed, and there will be cost associated with any new security measures that must be adopted.
Long-term and lasting effects can also be felt from damage suffered to an enterprise’s reputation, with many customers and clients losing trust in them. The following are three of the worst hacks in history impacting both the companies breached and the individuals whose data records containing private information were exposed or stolen:
In September 2017, Equifax, the US-based multinational agency specialising in consumer credit reports, announced it had suffered a data breach. Later it reported the full extent of the attack, which saw 147 million consumers impacted, amounting to over 50% of Americans. In the massive breach, a whole host of Personally Identifiable Information (PII) was exposed, including names, dates of birth, social security numbers and driver’s licence numbers, along with financial details such as credit card numbers.
When the breach, which was among the largest in history, was investigated, Equifax was forced to admit that it had been warned six months earlier that a vulnerability existed in its system that could potentially be used by cybercriminals. The company also admitted that despite this information being in its possession, it failed to deploy the necessary patches to protect against attack.
The hack had disastrous financial consequences for the firm. July 2018 saw Equifax agree to pay out a sum of $700m in order to settle both federal and statewide investigations into how it had managed the large-scale data breach. At the time the company made the settlement, a spokesperson announced on behalf of Equifax that none of the sensitive data exposed during the 2017 breach had to date been found for sale on any dark web sites used by hackers.
In February 2020, the US Department of Justice finally identified those responsible. Concluding a yearlong investigation to uncover the culprits behind the breach, the Department of Justice alleged that the individuals behind the attack on Equifax were four members of the People’s Liberation Army of China.
Another attack originating in China saw the Starwood hotel chain hit by hackers. Owned by world-renowned hospitality company Marriott, the Starwood chain was acquired back in 2016 for a sum of $13bn. However, in November 2018, Marriott made a public announcement that information for one of the Starwood hotel properties was successfully hacked, resulting in over 300 million guests’ private data records being accessed.
Following an investigation, Marriott’s dedicated data team confirmed that Starwood’s guest reservation database (containing around 500 million accounts) was breached in the major hack, with 327 million data files accessed. The files included a wealth of confidential personal information, including contact details like names, telephone numbers and email addresses, as well as passport numbers.
Marriott also revealed that details from 100 million customer credit cards, such as credit card numbers and expiry dates, had potentially been exposed. However, it was unable to confirm whether the hackers had been able to decrypt the card numbers.
Marriott CEO Arne Sorenson commented:
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
The investigation into the attack also uncovered that the hack may have been ongoing from before Marriott even purchased the chain, as early as 2014. Those behind the attack were identified as operatives for China’s Ministry of State Security, a civilian-based espionage agency.
An enormous breach reported by Yahoo! in 2016 involved up to three billion data records hacked. As Verizon Media, which now owns the company, announced its plans to acquire Yahoo!, the US web services provider revealed that it had been the victim of more than one large-scale hack over the years.
Attributed to Russian-based commercial hackers working in conjunction with the FSB Intelligence agency, the breaches first announced by Yahoo! in September 2016 involved the names, telephone numbers, email addresses and dates of birth for around 500 million of its users from a hack taking place in 2014. However, in December of the same year, it followed this announcement with information on an earlier hack in 2013, swiftly adding another 500 million to its list of exposed files.
After Verizon purchased Yahoo! in 2017, the full extent of the attacks was finally released when it admitted that the 2013 hack had impacted the company’s entire three billion user base. The breach proved extremely expensive for Yahoo!: in a class-action lawsuit over the way it had managed communications regarding the hacks, April 2019 saw the firm forced to fork out $117.5m (roughly £92m).
Comprehensive protection from data hacks
At Galaxkey, we understand the dire losses suffered by companies following a data breach, so we have built a security solution with zero back doors. No passwords are ever stored on our secure platform and the easy-to-employ encryption offers powerful three-layer coding. Recognised as the benchmark standard at government level, our end-to-end encryption ensures that if your network is penetrated by hackers, all your data files will be fully protected whether they are in transit or stored on your server.