15 Worst Data Breaches

By Bill Brenner Apr 11th 2012
Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory.
  • Heartland Payment Systems Impact: 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems.

  • TJX Impact: 94 million credit cards exposed. Allegedly this was possible because TJX's network wasn't protected by any firewalls. Albert Gonzalez, ringleader of the Heartland breach, was convicted and sentenced to 40 years in prison, while 11 others were arrested.

  • Epsilon Impact: Exposed names and e-mails of millions of customers stored in more than 108 retail stores plus several huge financial firms like CitiGroup Inc. and the non-profit educational organization, College Board.

  • RSA Impact: Possibly 40 million employee records stolen. The impact of the cyber attack that stole information on the company's SecurID authentication tokens is still being debated. EMC reported last July that it had spent at least $66 million on remediation.

  • Stuxnet Impact: Meant to attack Iran's nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.

  • Department of Veterans Affairs Impact: An unencrypted national database with names, Social Security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen.

  • Sony PlayStation Network Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.

  • ESTsoft Impact: The personal information of 35 million South Koreans was exposed after hackers breached the security of a popular software provider.

  • Gawker Media Impact: Compromised e-mail addresses and passwords of about 1.3 million commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel, plus the theft of the source code for Gawker's custom-built content management system.

  • Google, etc. Impact: Stolen intellectual property. The Chinese government launched a massive and unprecedented attack on Google and Yahoo. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network.

  • VeriSign Impact: The most troubling thing about the VeriSign breach in which hackers gained access to privileged systems is that VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing.

  • CardSystems Impact: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, American Express is ultimately forced into acquisition.

  • AOL Impact: Data on more than 20 million web inquiries, from more than 650,000 users, including shopping and banking data were posted publicly on a web site.

  • Monster.com Impact: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.

  • Fidelity National Information Services Impact: An employee of FIS subsidiary Certegy Check Services stole 3.2 million customer records including credit card, banking and personal information.

Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory.

LATEST slideshows