Data breaches and hacks have become facts of life in the 21st century.
The most recent hack involves Capital One. The bank said Monday that a hacker gained access to more than 100 million of its customers’ personal information. The breach potentially compromises people’s Social Security numbers, bank account numbers, addresses, credit scores and limits, among other data.
That number is huge, but it’s not the worst breach ever.
Yahoo’s epic, historic data breach in 2013 compromised 3 billion people in total. The company revealed in 2017 that the accounts for every single customer during that time had been breached, including users of Tumblr and Flickr.
Altaba, what’s left of Yahoo after the company sold most of its properties to Verizon, paid $35 million last year to settle charges that it misled investors about the hack.
2. First American
First American Financial Corp., an American real estate and mortgage insurer, revealed in May 2019 that it left 900 million sensitive customer files exposed.
The trove of digital documents that could have been accessed included private information, such as Social Security numbers and bank accounts. But it’s not clear if any of the files were improperly accessed.
In April, researchers discovered a vast collection of data on Facebook users was publicly exposed on Amazon’s cloud computing servers.
Two third-party Facebook (FB) app developers were found to have stored user data on Amazon’s servers in a manner that allowed it to be downloaded by the public, according to a report from UpGuard, a cybersecurity firm.
It was one of many data breaches that Facebook has announced over the years. The Federal Trade Commission announced last week a $5 billion settlement with the company over how the company lost control over massive troves of personal data and mishandled its communications with users.
Marriott (MAR) said last year that someone had gained “unauthorized access” to its guest reservations system for nearly five years. Approximately 500 million guests’ information could have been accessed, which includes names, passport numbers and credit card details.
The hotel chain faces a $124 million fine for failing to protect customer data from UK regulators under Europe’s tough new privacy rules, called General Data Protection Regulation.
5. Adult FriendFinder
Swinger website Adult FriendFinder said in 2016 that as many as 412 million users had their personal information exposed — the company’s second hack in a year.
Equifax (EFX) disclosed in 2017 that personal information of as many as 143 million people was compromised. This breach was particularly alarming as Equifax (EFX) is one of the major companies that tracks credit histories of almost all Americans and sell that sensitive information to banks, credit card companies and other clients.
The company recently reached a deal to pay up to $700 million to state and federal regulators to settle probes related to the incident, the largest settlement ever paid for a data breach.
7. Capital One
A hacker named Paige Thompson is accused of breaking into a Capital One (COF) server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances and other information, according to the bank and a US Department of Justice complaint filed Monday.
In total, more than 100 million Capital One customers’ accounts could have been compromised.