Beyond the Yahoo Hack: Other Major Data Breaches
The Yahoo hack exposed personal details from at least 500 million user accounts, potentially the largest breach of an email provider in history. Despite the size of the break-in, attackers don’t appear to have accessed obviously sensitive information such as financial data or Social Security numbers.
Here’s how the Yahoo attack stacks up against other recent major hacks:
OFFICE OF PERSONNEL MANAGEMENT
A hack of the computer systems at the U.S. government’s personnel office compromised the personal information of more than 21 million current, former and prospective federal employees, including highly sensitive data such as background investigations.
The attack – disclosed last year and widely blamed on China’s government – also led to the resignation of the agency’s director and drew outrage over changing explanations about its severity.
A recently released House committee report faulted OPM for failing to secure sensitive data despite warnings for years that it was vulnerable to hackers. It concluded that the hacking could have been prevented if the agency had put in place basic, required security controls and recognized from an earlier break-in attempt that it was actually dealing with a sophisticated, persistent enemy.
In early 2014, the health insurer Anthem disclosed that hackers had stolen information on almost 80 million current and former customers and employees. Thieves potentially accessed Social Security numbers, names, birthdates, email addresses, employment details, incomes and street addresses. Anthem said it had no evidence that medical or financial information was taken.
In the aftermath of the attack, some Anthem customers said their identities had been stolen and used to file fake tax returns, a common tactic for claiming fraudulent refunds. Some state officials warned that scammers were also targeting Anthem policyholders with fake credit-monitoring appeals.
DEMOCRATIC NATIONAL COMMITTEE
Federal officials continue to investigate electronic break-ins into Democratic Party computers, including a breach of the Democratic Congressional Campaign Committee, the campaign arm for House Democrats. Some private cybersecurity analysts have blamed the breaches on Russian intelligence agencies.
Following the hack, embarrassing internal Democratic documents, along with both personal and official information about Democratic members and hundreds of congressional staff, was posted online. Rep. Debbie Wasserman Schultz of Florida relinquished her post as Democratic Party chief in July after the documents showed some DNC officials tilting toward Hillary Clinton in her presidential campaign against Vermont Sen. Bernie Sanders.
Home Depot said in September 2014 that attackers stole 56 million debit and credit card numbers in a months-long breach of its computer systems. About two months later, the nation’s largest home improvement chain disclosed that hackers also stole 53 million email addresses in addition to the card data.
Target Corp. first announced its massive data breach in December 2013, saying that 40 million debit and credit cards were affected.
Weeks later, the retailer added that further investigation had revealed that the hackers also took the personal information – including email addresses, phone numbers, names and home addresses – of 70 million people.
TJX Cos., the parent company of retailers T.J. Maxx and Marshall’s, announced its data breach in 2007. At first it said the intrusion into its customer data files took place between May 2006 and January 2007, but it later learned that it also was hacked into in July 2005 and other periods during that year. Ultimately, the breach exposed at least 45.7 million credit and debit cards to possible fraud.
In 2014, Sony discovered that personal information – including emails, Social Security numbers and salary details for nearly 50,000 of its current and former workers – was leaked online.
In addition, attackers uploaded screeners of unreleased movies to the internet for illegal download. Thousands of internal emails from and about Sony executives, many of them embarrassing, were later released.
The hackers also threatened violence against movie theaters that planned to show “The Interview,” a Seth Rogen/James Franco comedy about an assassination attempt on the leader of North Korea. While many major theaters canceled showings of the movie, it went on to screen at independent theaters and aired digitally. The Obama administration later implicated North Korea in the attack.