Cyber security is a big topic these days, and the largest data breaches tend to get a lot of media coverage. For this reason, data losses associated with major retailers, like the one suffered by Target or Home Depot, are probably already on your radar. But you may not know about the security leaks that saw the largest numbers of records compromised. In this article, we’ll cover the security breaches that affected a combined total of over 505 million people.
Court Ventures Exposes 200 Million Customer Records
This data breach occurred in 2012, and reportedly remains the biggest data breach to date. A company called Court Ventures was the culprit in this case. However, since the company is associated with credit-reporting agency Experian, the headlines suggest a much bigger catastrophe.
Before Court Ventures was acquired by Experian, the company sold information to third parties. One of their customers was a Vietnamese fraudster service. This fraudster service provided its own customers the ability to look up personally identifiable information on American citizens. All this was done through a database called U.S. Info Search, which was owned by Court Ventures.
When the Secret Service approached Experian about illegal activity on the Vietnamese end, the company had already acquired Court Ventures. In fact, the data breach continued for 10 months after Court Ventures changed ownership.
According to different news sources, the number of potentially affected customers is 200 million, which is the total number of records that were stored in the database. According to Experian, the only records that were affected by this breach were the ones from the U.S. Info Search database.
In a statement from Experian in 2014, the company reiterates that its own database was not breached. Additionally, the number of records breached is estimated to be much lower than 200 million. However, the company still can’t find a way to identify which customers were actually affected by the search. Therefore, none of the potential victims were notified then or now.
Hackers Accessed 160 Million Credit and Debit Cards and 800,000 Bank Accounts
Over a period of 7 years, a hacking ring made out like bandits while companies around the world lost an aggregate of at least $300 million. A group of 6 hackers, 5 of them Russian, the other from the Ukraine, were able to steal more than 160 million credit and debit card numbers and target over 800,00 bank accounts. They even penetrated the servers used by the Nasdaq stock exchange.
The cyberattacks occurred between 2005 and 2015, but most of them happened in 2008 and 2009. The hackers attacked banks and payment processors, but they also went after chain stores like 7-Eleven.
Instead of using the stolen information themselves, the hackers sold credit and debit card information to middlemen. U.S. credit card numbers sold for $10 each, Canadian cards for $15, and European cards for $50.
It’s impossible to determine how much money the hackers actually received, but the indictments indicate unbelievably large sums. The targeted institutions included Citibank, PNC Bank, Heartland Payment Systems, Global Payment Systems, and J.C. Penney.
The hackers went for big companies instead of individual customers, and managed to get away with it for a very long time. Unfortunately, so far only one of the men is in U.S. custody. The rest are still fighting extradition, but the Russian government is not cooperating with U.S. authorities.
145 Million Users Affected by eBay Hack
The third largest recorded data breach involved eBay. Between February and March of 2014, hackers were able to steal employee logins and use them to view and copy personal information for every eBay account holder. eBay didn’t mention how the hackers were able to log into the employees’ accounts.
The end result is that hackers may now have names, addresses, birth dates, email addresses, account passwords, and phone numbers for every eBay customer. Fortunately, the records didn’t include credit card numbers or Social Security numbers. According to eBay, the passwords were encrypted, but that doesn’t necessarily mean the hackers can’t decode them eventually.
As a consequence, eBay forced every customer to change their password upon logging in again. Customers are also urged to change passwords for their other accounts if they use the same passwords on different sites. It took eBay several weeks to announce the security breach—the company didn’t originally think any customer data had been accessed by the hackers.
Why Cyber Security Is a Priority for eFileCabinet
With breaches such as these, it’s easy to see why cyber security is and continues to be a big priority for eFileCabinet. We want to reassure you that your information is safe with us. Unlike eBay, we encrypt all of the information you store with us, not just your password. Plus, we utilize role-based user access which helps you control and limit the amount of information your employees can access. Last but not least, we allow you to verify the authenticity of your documents by providing your administrative users with an unalterable audit trail.