What is a data breach? A data breach is an “incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.” It can lead to sensitive data being leaked, such as credit cards and passwords to various websites. These hacks can lead to downtime of services and identity theft.
In 2016, the biggest example of a breach was when Yahoo had information stolen from 500 million user accounts. This breach did not happen this year however, but in 2014. It was only detected recently in September. The attack was done by a state-sponsored actor, which is an individual or a group who is paid by the government to hack a company or website. The data stolen includes name, emails, phone numbers, birth dates, encrypted passwords and security questions and answers. Credit cards and bank account numbers were apparently not stolen. The cost for this breach to Yahoo is estimated to be about $100-200 million dollars.
Other notable breaches include the 2011 PlayStation Network breach. It was an external intrusion where over 77 million accounts were compromised. The attack lasted for 2 days between April 17th and April 19th. Sony was forced to suspend all services on the 20th. Credit cards were also stolen when the hackers were accessing the network, but instances of fraud were not reported or properly linked to this breach. The cost to Sony was $171 million and the users had to deal with 23 days of downtime. To fix the problem, Sony upgraded all of its security and sent software updates to all PS3 consoles and PSP handhelds. A mandatory password reset was also required.
Both of these attacks show that even with strong passwords and diligence from your side, data breaches are still commonplace, and can affect everyone. You should continue to use strong passwords and watch out for phishing attacks. In the end, data breaches are usually caused by an ignorant user who may click on a link in an email by accident, which downloads a small program that run in the background and opens up access. The hacker uses this to gain access to other computers and databases. They are then free to browse the whole network. Today, companies are doing their best to have strict policies between their app, database, and web layers. This should help prevent unauthorized access of large databases containing user information, which companies spend millions on to improve the security every year.