If you ever go online, either from a desktop, laptop, tablet, or mobile phone, your data is being tracked. Thanks to cell phone towers, your moves are being recorded, even when you aren’t trying to go online. Your information is collected every time you move, as long as you have your cellphone with you (and it’s turned on). With the advent of smartwatches, the opportunities to have everything you do track become magnified.
Now, that isn’t to say that you are constantly being “watched.” The way your data is used is, generally, more benign than what we might be imagining. However, that doesn’t mean that it isn’t important or that keeping your data safe shouldn’t be a priority for you.
The data that can be collected from you includes anything that you store on your device, including personal information, such as your age, date of birth, gender, and location, as well as more sensitive information, such as your credit card and bank account numbers.
Most individuals have some type of security software installed on their computers and mobile devices. You probably have one installed on your laptop right now, running checks in the background as you go about doing your business. Although it’s important to do your part to keep your data safe on all of your personal devices, often, the main culprit of cybersecurity hacks isn’t you or anyone in your household.
While cybersecurity threats still exist for individuals, problems arise when larger businesses and organizations are targeted. Gaining access to thousands of users’ information is the real treasure trove for hackers who are on the hunt for access to personal, credit card, and banking information from millions of people.
Data Breaches in American History
Businesses are a significant target for cyber-attacks because of all the data they store on their servers. Companies use your data to target ads to your preferences and figure out your shopping and spending habits. They also store your information, often for your convenience. Think about all of the accounts you have that have your credit card information already stored for either recurring purchases (such as a software subscription) or convenience (such as a retailer you frequent, like Amazon).
Data breaches cost businesses millions of dollars every year. According to IBM Security’s 2020 report, the total cost of a data breach for a US company is $8.64 million, and it takes an average of 237 days to find and contain the breach.
With millions of people impacted by data breaches, you may have been a victim of a data breach. According to IBM Security’s report, the most common industry for a data breach is healthcare, followed by energy, finance, and pharma. Yet, these often aren’t the stories that we hear on the news. The data breaches we hear about most frequently are those that happen to consumers.
In case you don’t remember just how devastating a data breach can be to individuals and businesses, let’s take a look at a few of the most prominent examples of data breaches from the 21st century.
Adobe Software — 2013
In 2013, Adobe announced that at least 38 million users had their data breached, resulting in the theft of nearly 3 million users’ credit card information. In a statement, Adobe said that the credit card numbers were encrypted, which should have prevented the hackers from actually being able to see and use them.
However, in addition to the encrypted credit card numbers, the hackers also got their hands on nearly 150 million usernames and password pairs, which is just as good as getting the credit card information. The passwords were poorly encrypted, and, as a result of the data breach, Adobe ended up paying an undisclosed settlement to customers who were impacted by the attack along with over $1 million in legal fees.
Equifax — 2017
The credit monitoring company Equifax became the focus of international headlines in 2017 when an application vulnerability led to the data breach of over 147 million people in the US, Canada, and the UK. The breach included Social Security Numbers, addresses, driver’s license information, and, in some cases, credit card information.
One of the worst parts of this breach is the fact that a lot of the people impacted didn’t do business directly with Equifax. Instead, Equifax acquired their information through another company that was running a credit check on them for either consumer or business purposes. Many of the people impacted didn’t even know that Equifax had their information. Once your Social Security Number is compromised, it can be an uphill battle to reclaim.
The breach was a combined result of several lapses in security and response. In March 2017, Equifax was notified of a vulnerability in the software platform they were using, Apache Struts, and failed to take action to fix the vulnerability. As a result, just two months later, in May 2017, millions of consumers’ information was hacked. These consumers were not notified until another two months later, in July 2017. Equifax ended up paying $425 million to consumers impacted by the data breach.
Target — 2013
During the height of the 2013 holiday shopping season, 41 million consumers’ data was hacked in the Target data breach. It happened between November and December 2013, which is pretty apt timing considering the sheer volume of shoppers entering Target stores nationwide in preparation for the holidays.
The breach impacted Target’s credit and debit cards. This was before the proliferation of chips in cards, and the breach prompted the company to put secure chips in all credit and debit cards going forward. The company also hired a new cybersecurity team, as there was some question as to whether the former head of cybersecurity had the right qualifications to oversee such a massive operation.
Although it’s important that Target took steps to provide more secure credit cards to consumers, the cards themselves were not the primary source of the problem. Hackers were able to rob credit and debit card data by stealing credentials from a third party. In addition to hacking credit and debit card information, the attackers were also able to get their hands on the personal data of over 60 million customers. The breach exposed significant weaknesses in Target’s security system, including a lack of two-party authentication.
The data breach cost Target $18.5 million in settlement fees and at least $100 million in costs related to updating security measures, including updating their credit card system.