If we’ve learned anything from the data breaches of 2016, it should be that no industry is safe. From ransomware to malware, phishing and botnets, hackers around the globe continue to find new and inventive ways to compromise very sensitive user information.
It’s also becoming more apparent that entities are reluctant to share when they have been hacked. Initial reports may sound limited, and then later information shows that breaches are much bigger than initially thought.
More than anything, the 2016 breach reports should scare companies into shifting IT plans to focus on cybersecurity in 2017 until all vulnerabilities are clear.
Really, if the G7 can agree on guidelines to protect the international financial industry, shouldn’t we all take cybersecurity a bit more seriously?
2016 Breaches in the Retail Sector
- FACC: FACC is an aerospace parts manufacturer based in Austria. Hackers didn’t steal data from FACC, just money—totaling about $54.5 million in U.S. dollars.
- Wendy’s: Payment information was compromised at over 300 stores nationwide. Malware infiltrated a POS system, and an update later in the year reported that the number of stores was “considerably higher” than the original 300.
2016 Breaches in the Healthcare Sector
- 21st Century Oncology: A cancer treatment center in Florida reported that 2.2 million patients may have had personal information stolen.
- Premier Healthcare: A multispecialty provider healthcare group in Indiana reported that sensitive data of more than 200,000 patients had been compromised after an unencrypted laptop was stolen from its billing department. Over 1,700 of them may have also had Social Security numbers or financial information taken.
2016 Breaches in the Tech Sector
- Verizon Enterprise Solutions: While helping customers around the world with data breaches and IT, Verizon Enterprise Solutions was hacked. 1.5 million customers had their information stolen, and it was found for sale on the black market.
- Multiple Major E-mail Providers: Hold Security from Milwaukee, Wisconsin found over 270 million usernames and passwords for sale on the deep web, including 40 million Yahoo accounts, 33 million Hotmail accounts, and 24 million Gmail addresses.
- LinkedIn: It’s true what they say: you can’t escape the past. A breach in 2012 caused more than 117 million email and password combinations to be compromised. They showed up online this year.
- Oracle: Solid numbers are hard to come by, but Oracle acknowledged a data breach, likely with usernames and passwords. Oracle owns the MICROS point-of-sale system, which is used in more than 330,000 cash registers worldwide.
- Dropbox: This seems to be a recurring theme for 2016: a small number of users were asked to reset passwords in 2012 due to a breach. This year, Dropbox admitted that more than 68 million users had usernames and passwords compromised in that initial breach.
- Yahoo!: Battle-worn Yahoo! has probably made history with one of the most far-reaching data breaches to date. Hackers broke into a minimum of 500 million accounts in late 2014, collecting email addresses, passwords, full user names, dates of birth, telephone numbers and some security questions and answers. Now they have uncovered another 1 billion accounts breached in 2013.
- Weebly: Hackers gathered usernames, passwords, email addresses, and IP information of more than 43 million Weebly users back in February. The breach was discovered and disclosed in October.
2016 Breaches in the Education Sector
- University of Central Florida: Over 63,000 current and former students and employees had their data compromised. The university said that data stolen includes first and last names, Social Security numbers, and student/employee ID numbers.
- UC Berkeley: University officials reported that information belonging to more than 80,000 students, alumni, employees, and school officials was compromised. While they acknowledge that their system was hacked, it’s unclear if anything was stolen.
2016 Breaches in the Governmental Sector
- U.S. Department of Justice: Criminals who were angry with U.S. relations with Israel stole names, titles, phone numbers, and email addresses. They dumped data on 10,000 Department of Homeland Security employees on the first day, and then released data on 20,000 FBI employees the next day.
- Internal Revenue Service: At the risk of sounding like a broken record, the IRS reported that their initial number of 100,000 taxpayer identity records stolen in February 2015 turned out to be more than 700,000.
- Philippine Commission on Elections: About 55 million people had their identifying information posted online in an attempt to push the COE to enable security features on voting machines in the spring election.
Looking toward the future in 2017
Let’s open 2017 with a new resolve to run a system-wide check on all possible vulnerabilities. The costs when—not if—you are hacked will far outweigh the time and money invested.
You can read more about the world’s biggest data breaches in this visualization from Information is Beautiful.
What breaches do you think should have made the list?