Information SEcurity > Introduction to Security > Examples of Security Breaches
Examples of Security Breaches and Their Consequences
Equifax Data Breach (2017)
- What happened: Hackers exploited an unpatched vulnerability in Apache Struts, a web application framework used by Equifax.
- Data compromised: Sensitive personal data of ~147 million people — Social Security numbers, birth dates, addresses, some driver’s license numbers.
- Consequences:
- Over $700 million in settlements and regulatory penalties.
- Massive reputational damage and loss of consumer trust.
- Top executives resigned.
- Strengthened focus on patch management and regulatory compliance globally.
Yahoo Data Breach (2013–2014)
- What happened: State-sponsored attackers stole data from Yahoo’s servers over several years.
- Data compromised: All 3 billion Yahoo accounts — names, email addresses, dates of birth, security questions.
- Consequences:
- Devaluation of Yahoo’s acquisition price by Verizon by ~$350 million.
- Severe loss of user trust.
- Increased scrutiny on large tech firms’ security practices.
Target Data Breach (2013)
- What happened: Attackers accessed Target’s network through stolen credentials from a third-party HVAC vendor.
- Data compromised: Credit/debit card info of ~40 million customers; personal info of ~70 million customers.
- Consequences:
- ~$162 million in costs after insurance recovery.
- Class-action lawsuits and settlements.
- Major leadership changes.
- Highlighted supply chain and vendor security risks.
Bangladesh Bank SWIFT Heist (2016)
- What happened: Hackers used stolen credentials to send fraudulent transfer requests via the SWIFT network.
- Funds stolen: $81 million from the bank’s account at the Federal Reserve Bank of New York.
- Consequences:
- Global attention on SWIFT security.
- Implementation of tighter controls for interbank transfers.
- Significant financial and reputational loss for Bangladesh Bank.
Sony Pictures Hack (2014)
- What happened: A politically motivated attack (linked to North Korea) leaked confidential data, including unreleased films and sensitive employee emails.
- Consequences:
- Millions in financial losses.
- Reputational damage due to leaked internal communications.
- Disruption of operations and damage to intellectual property.
Cambridge Analytica Scandal (2018)
- What happened:
A political consulting firm, Cambridge Analytica, improperly accessed personal data from up to 87 million Facebook users without consent via a third-party app that harvested data from users and their friends.
- Data compromised:
Profile information, likes, friend networks, and other personal data.
- Consequences:
- $5 billion fine from the U.S. Federal Trade Commission (FTC) — one of the largest ever imposed for privacy violations.
- Global outrage and damage to Facebook’s reputation.
- Increased regulatory scrutiny on social media privacy practices (e.g., GDPR enforcement in Europe).
- Changes in Facebook’s data-sharing policies and tighter app oversight
2019 Data Exposure (Database Leak)
- What happened:
Hundreds of millions of Facebook user records, including phone numbers, were found exposed on publicly accessible cloud servers without password protection.
- Data compromised:
Phone numbers linked to Facebook IDs, names, and other profile details.
- Consequences:
- Risk of SIM swapping attacks, phishing, and spam.
- Renewed criticism over Facebook’s data handling practices.
- Prompted Facebook to limit access to users' phone numbers via its API.
Google+ Data Exposure (2018)
- What happened:
A vulnerability in the Google+ API allowed external developers to access private profile data of users who had not shared that data publicly.
- Data compromised:
Names, email addresses, occupations, ages of up to 500,000 accounts (later revised to a larger number).
- Consequences:
- Google shut down Google+ for consumers earlier than planned (April 2019).
- Reputational impact due to failure to disclose the breach promptly (initially discovered in March 2018, revealed in October 2018).
- Triggered scrutiny regarding Google’s transparency on privacy issues.
Android App Permissions (Ongoing Issues)
- What happened:
Several reports have highlighted that some Android apps (including apps using Google Play services) collected user data beyond what was disclosed in permissions.
- Data compromised:
Location data, device identifiers, sometimes collected without clear user consent.
- Consequences:
- Legal challenges and fines in Europe (e.g., €50 million fine from France’s CNIL in 2019 for GDPR violations).
- Google introduced stricter policies on app permissions and transparency.