25 High Profile Enterprise Information Security Breaches

by | Jun 3, 2022

Home » Blog » 25 High Profile Enterprise Information Security Breaches

No Industry seems to be safe from Ransomeware

Thus many sectors have implemented required governance and awareness training throughout their organizations. As time moves forward, more industries will implement proactive strategies to minimize the vulnerabilities at their sites and data breaches.

Data Breach

EVeryone from entertaiment to critical infrastrcuture is a target

Since very few attacks have the same targets or tactics, it is difficult to rank them by impact. Who decides what is more impactful? Is impact determined by loss of access to data and services? Or by the loss of confidentiality of Personally Identifiable Information (PII) or Personal Health Information (PII)? Or is it determined by irreparable harm to critical infrastructure and hardware? We could not decide either. Here is a list of some of the most prominent information security breaches since 2008.

  • Heartland Payment Systems (2008) – Heartland payment systems suffered an attack that resulted in a breach of critical customer payment information. The resulting fallout cost the company over $200 million, and the enterprise lost its PCI-DSS compliance status. Triage and analyze events to determine whether an incident is underway
  • Sony (2011) – Account information of 77 million PlayStation network users was stolen after a prolonged (23 days) DDoS (Distributed Denial of Service) attack against Sony’s network infrastructure.

  • Adobe (2013) – Encrypted credit card information and user passwords were stolen from over 150 million adobe customers.
  • Target (2013) – Criminals stole nearly 40 million unique credit card numbers and 70 million account records from Target customers in attack during the 2013 holiday season.
  • Yahoo (2013) – Account details and security questions of nearly 3 billion accounts compromised.
  • Anthem (2015) – Anthem’s internal servers were compromised resulting in the disclosure of medical information / PII  of over 78 million individuals.
  • River City Media (2017) – The email marketing group River City Media misconfigured its backup databases, this misconfiguration resulted in unsecured public access to its over 1.34 billion email records.

  • Under Armor (2017) – Account information of nearly 150 million users was stolen via a breach of the MyFitnessPal nutrition app. Weak & incorrect hashing algorithms allowed the attackers the ability to decrypt the stolen user passwords.

  • Equifax (2017) – Credit information (credit card numbers, driver’s license numbers, social security numbers, etc.) of nearly half of all Americans (147.9 million) compromised when attackers gained access to Equifax internal servers.

  • Veam (2018) – An exposed database that contained over 200 gigabytes of sensitive customer information resulted in the theft of over 440 million email addresses.

  • Facebook (2019) – Unsecure internal Facebook application leaked the personal information of over 500 million users.

  • Capital One (2019)- Personal information of over 100 million credit applicants was disclosed as result of a successful breach conducted by a single attacker.
  • Go Daddy (2020) – Unauthorized access to a GoDaddy managed WordPress application resulted in the theft of over 1.2 million individuals account information.
  • TikTok (2020) – An unsecured database led to unauthorized third-party access to private account information of roughly 235 million social media profiles.
  • SolarWinds (2020) – The 2020 supply chain attack on SolarWinds infrastructure resulted in the downstream compromise of multiple critical US governmental entities (Dept. of Treasury, Commerce, Defense, Energy, etc.). The attack was attributed to the Russian government. The extent of fallout from the attack is still being determined.
  • LinkedIn (2021) – Data scrapped from unsecure API, affected nearly 700 million users.
  • CAM4 (2021) – The adult media platform CAM4 exposed nearly 7 terabytes worth of data containing roughly 11 billion records (emails/passwords).
  • CNA Financial (2021) – The financial company paid a $40 million ransom after their infrastructure was crippled by ransomware.
  • Alibaba (2021) – 1.1 billion instances of personal information scrapped from with the help of malicious insiders.
  • Colonial Pipeline (2021) – Fell victim to an attack by the ransomware group Darkside. Colonial paid the demanded ransom, but the fallout still led to widespread panic about fuel prices/availability on the east coast.
  • JBS (2021) – The meatpacking company JBS was the victim of a ransomware attack by the criminal group REvil. The organization ended up paying the demanded $11 million ransom.
  • T-Mobile (2021) – Weak security measures led to the compromise of sensitive information (names, addresses, Social Security numbers, driver’s licenses, IMEI and IMSI numbers, and ID information) on nearly 50 million current and prospective T-Mobile customers.
  • Kronos (2021) – The payroll company Kronos suffered a ransomware attack that resulted in service outages and theft of critical information. Customer and employee PII was stolen as well as critical HKG intellectual property.
  • Kaseya (2021) – A supply chain attack on the IT service provider Kaseya resulted in the downstream compromise of 800-1500 Kaseya managed customer environments.

If this could happen to these billion dollar companies, then it could happen to small to medium sized companies, as well. 

Related Blog Posts

What Do Hackers Do with Stolen Data

What Do Hackers Do with Stolen Data

Threat Actors Many individuals may ask, "What would someone want with my data?" or "Who would want my data?" It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations...

The Importance of Employee Security Training

The Importance of Employee Security Training

Impact of Employee Security Training The majority of enterprise cybersecurity incidents can be traced back to a mistake made by an employee. Whether this came in the form of a clicking on a phishing email or lackluster security policies implemented...

Creating an Incident Response Plan

Creating an Incident Response Plan

Creating an Incident Response Plan Disruptions to business operations occur frequently and vary greatly in terms of scope and scale. Organizations should establish formal policies and procedures in order to minimize the impact of...

Why Physical Security Is Cybersecurity

Why Physical Security Is Cybersecurity

Physical Security Awareness Physical Security is an important aspect of protecting your organization’s networks, hardware, and data. However, physical security is often overlooked when cybersecurity policies are written, and often times sub-par...

Want to learn more? Our Security Experts Are Here For You

Critical Fault

Newsletter

Subscribe To Our Newsletter

We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

Need Immediate Assistance?

Give us a call (405) 771-6399

Headquarters

3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

Copyright 2022 - Critical Fault, LLC.