Estimated read time: 4-5 minutes
While the wonders of modern technology have made keeping track of health records, purchasing goods and services and keeping track of financial information easier than ever, it has also made sensitive information more vulnerable than ever.
According to Pew Research Center, "Nearly two-thirds of Americans have experienced some form of data theft." This includes 41% of survey respondents who have seen fraudulent charges on their credit cards, 35% of people who have been notified that their personal information had been compromised and 16% who have had their email account taken over without their permission.
"Americans in their early 30s through mid-60s are especially likely to have encountered many of these forms of data theft," said Pew Research Center. Other factors that increase someone's risk of experiencing data theft include being a college graduate and having a household income of more than $75,000 per year.
This high number of Americans reporting data theft can be explained by the ever-rising reports of data breaches. The 2021 Annual Data Breach Report revealed 2021 had set a record high for number of data compromises. At least 1,862 experienced data breaches in 2021, an increase of 68% compared to 2020 and 23% higher than the previous record high set in 2017.
The leading cause of data breaches has long been phishing schemes, but Identity Theft Resource Center predicts ransomware-related breaches will surpass phishing attacks as the top source of data compromises in 2022.
Despite the high number of data breaches in recent years, some of the worst breaches of all time happened years ago. Here are a few of the worst.
Yahoo – 2013
The biggest data breach of all time occurred in 2013 when hackers stole the data for around 3 billion user accounts, or even more. NPR reported the breach did not include credit card or bank account data, but it did include names, phone numbers, email addresses, birth dates and old security questions and answers.
The sources of this breach have never been fully identified, but it is believed to have been a Russian team linked to the Russian government.
First American Financial Corporation – 2019
In May of 2019, a cybersecurity journalist uncovered a collection of leaked document images including over 800 million title and escrow documents from as early as 2003. Some of the images included sensitive personal data like banking information and social security numbers. The source of the leak was reportedly a vulnerability in the company's EaglePro system, according to JD Supra.).
Facebook – 2019
Facebook found itself in hot water over the publishing of data from 533 million people from 106 countries on a hacking forum in April 2021. The company reported the data was old, "from a previously reported leak in 2019" and that "the data was scraped from publicly available information on the site," the BBC reported.
Facebook's response to the leak was criticized for being "evasive" and a "deflection of blame" as it neglected to formally apologize to its users and it pointed to the expectation that more scraping incidents were likely to happen in the future.
Marriott Starwood – 2014-2018
The Marriott hotel chain discovered in 2018, that an ongoing breach beginning in 2014 had exposed "anyone who made a reservation at a Starwood property on or before September 10, 2018," said the Federal Trade Commission.
The hacker gained access to names, addresses, email addresses, phone numbers, passport numbers, dates of birth, loyalty program account information and some payment numbers and expiration dates. The payment card numbers were encrypted, the company said, but the hackers may have been able to steal the information necessary to decrypt the encrypted credit card numbers.
Prevent your own data breach
The Salt Lake Chamber recognizes the importance of cybersecurity to businesses and community members and seeks to provide information on how to prevent and detect cyber threats.
"Preventing an incident requires developing strong security capabilities with careful planning, analysis, and testing," the Chamber's Cybersecurity Initiative said. "During the prevention planning stage, it's critical that businesses and individuals work together to protect their organization's assets by applying security policies including Intrusion Prevention Services (IPS), Advanced Threat Protection (ATP) and access control procedures, Two Factor Authentication (TFA) and continuous awareness training throughout the organization."
With its Cybersecurity Initiative, the Chamber has partnered with the Department of Homeland Security's "Stop.Think.Connect" and the U.S. Chamber of Commerce cybersecurity campaigns to offer support and resources to local community members.