25 High Profile Enterprise Information Security Breaches

by | Jun 3, 2022

Home » Blog » 25 High Profile Enterprise Information Security Breaches

No Industry seems to be safe from Ransomeware

Thus many sectors have implemented required governance and awareness training throughout their organizations. As time moves forward, more industries will implement proactive strategies to minimize the vulnerabilities at their sites and data breaches.

Data Breach

EVeryone from entertaiment to critical infrastrcuture is a target

Since very few attacks have the same targets or tactics, it is difficult to rank them by impact. Who decides what is more impactful? Is impact determined by loss of access to data and services? Or by the loss of confidentiality of Personally Identifiable Information (PII) or Personal Health Information (PII)? Or is it determined by irreparable harm to critical infrastructure and hardware? We could not decide either. Here is a list of some of the most prominent information security breaches since 2008.

  • Heartland Payment Systems (2008) – Heartland payment systems suffered an attack that resulted in a breach of critical customer payment information. The resulting fallout cost the company over $200 million, and the enterprise lost its PCI-DSS compliance status. Triage and analyze events to determine whether an incident is underway
  • Sony (2011) – Account information of 77 million PlayStation network users was stolen after a prolonged (23 days) DDoS (Distributed Denial of Service) attack against Sony’s network infrastructure.

  • Adobe (2013) – Encrypted credit card information and user passwords were stolen from over 150 million adobe customers.
  • Target (2013) – Criminals stole nearly 40 million unique credit card numbers and 70 million account records from Target customers in attack during the 2013 holiday season.
  • Yahoo (2013) – Account details and security questions of nearly 3 billion accounts compromised.
  • Anthem (2015) – Anthem’s internal servers were compromised resulting in the disclosure of medical information / PII  of over 78 million individuals.
  • River City Media (2017) – The email marketing group River City Media misconfigured its backup databases, this misconfiguration resulted in unsecured public access to its over 1.34 billion email records.

  • Under Armor (2017) – Account information of nearly 150 million users was stolen via a breach of the MyFitnessPal nutrition app. Weak & incorrect hashing algorithms allowed the attackers the ability to decrypt the stolen user passwords.

  • Equifax (2017) – Credit information (credit card numbers, driver’s license numbers, social security numbers, etc.) of nearly half of all Americans (147.9 million) compromised when attackers gained access to Equifax internal servers.

  • Veam (2018) – An exposed database that contained over 200 gigabytes of sensitive customer information resulted in the theft of over 440 million email addresses.

  • Facebook (2019) – Unsecure internal Facebook application leaked the personal information of over 500 million users.

  • Capital One (2019)- Personal information of over 100 million credit applicants was disclosed as result of a successful breach conducted by a single attacker.
  • Go Daddy (2020) – Unauthorized access to a GoDaddy managed WordPress application resulted in the theft of over 1.2 million individuals account information.
  • TikTok (2020) – An unsecured database led to unauthorized third-party access to private account information of roughly 235 million social media profiles.
  • SolarWinds (2020) – The 2020 supply chain attack on SolarWinds infrastructure resulted in the downstream compromise of multiple critical US governmental entities (Dept. of Treasury, Commerce, Defense, Energy, etc.). The attack was attributed to the Russian government. The extent of fallout from the attack is still being determined.
  • LinkedIn (2021) – Data scrapped from unsecure API, affected nearly 700 million users.
  • CAM4 (2021) – The adult media platform CAM4 exposed nearly 7 terabytes worth of data containing roughly 11 billion records (emails/passwords).
  • CNA Financial (2021) – The financial company paid a $40 million ransom after their infrastructure was crippled by ransomware.
  • Alibaba (2021) – 1.1 billion instances of personal information scrapped from with the help of malicious insiders.
  • Colonial Pipeline (2021) – Fell victim to an attack by the ransomware group Darkside. Colonial paid the demanded ransom, but the fallout still led to widespread panic about fuel prices/availability on the east coast.
  • JBS (2021) – The meatpacking company JBS was the victim of a ransomware attack by the criminal group REvil. The organization ended up paying the demanded $11 million ransom.
  • T-Mobile (2021) – Weak security measures led to the compromise of sensitive information (names, addresses, Social Security numbers, driver’s licenses, IMEI and IMSI numbers, and ID information) on nearly 50 million current and prospective T-Mobile customers.
  • Kronos (2021) – The payroll company Kronos suffered a ransomware attack that resulted in service outages and theft of critical information. Customer and employee PII was stolen as well as critical HKG intellectual property.
  • Kaseya (2021) – A supply chain attack on the IT service provider Kaseya resulted in the downstream compromise of 800-1500 Kaseya managed customer environments.

If this could happen to these billion dollar companies, then it could happen to small to medium sized companies, as well. 

Related Blog Posts

What to Expect for CMMC 2.0 Assessments

What to Expect for CMMC 2.0 Assessments

What to Expect for CMMC 2.0 Assessments   So now you have put in all the work to meet the requirements of CMMC 2.0 level 1, 2, or 3, but what’s next? Once the rules are finalized and being implemented, companies will need to be able to certify that they are...

CMMC 2.0 Requirements: Level Three

CMMC 2.0 Requirements: Level Three

CMMC Requirements: Level Three Now we enter the most nebulous category of CMMC 2.0 requirements: level three. While we know where the requirements will come from, we don’t know exactly how many will be added from the NIST 800-172 publication. While there are...

CMMC 2.0 Level 2 Requirements

CMMC 2.0 Level 2 Requirements

CMMC 2.0 Level 2 CMMC 2.0 Level 2-that’s where things really start to get serious. While the controls required aren’t incredibly difficult, there are probably a fair number that most companies haven’t considered before, especially since there are 110 of them. And I am...

CMMC 2.0 Level 1 Requirements

CMMC 2.0 Level 1 Requirements

We’re going to start digging through the CMMC levels, starting with CMMC 2.0 Level 1. I will go through the different protection areas and briefly describe what they mean. I don’t intend for this to be a complete guidance, but more an introduction to allow you to be...

Want to learn more? Our Security Experts Are Here For You

Critical Fault all white text

Newsletter

Subscribe To Our Newsletter

We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

Need Immediate Assistance?

Give us a call (405) 771-6399

Headquarters

3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

110 E. Houston St, 7th Floor, San Antonio, TX 78205

Copyright 2024 - Critical Fault, LLC. | Privacy Policy