The 16 biggest data breaches of the 21st century

15. Home Depot

Date: September 2014

Impact: Theft of credit/debit card information of 56 million customers.

Details: The hardware and building supply retailer announced in September what had been suspected for some weeks – that beginning in April or May, its POS systems had been infected with malware. The company later said an investigation concluded that a “unique, custom-built” malware had been used, which posed as anti-virus software.

In March 2016, the company agreed to pay at least US$19.5 million to compensate US consumers through a US$13 million fund to reimburse shoppers for out-of-pocket losses, and to spend at least US$6.5 million to fund 1 1/2 years of cardholder identity protection services.

The settlement covers about 40 million people who had payment card data stolen, and more than 52 million people who had email addresses stolen. There was some overlap between the groups. The company estimated US$161 million of pre-tax expenses for the breach, including the consumer settlement and expected insurance proceeds.

16. Adobe

Date: October 2013

Impact: 38 million user records

Details: The breach was originally reported in early October by security blogger Brian Krebs, and it took weeks to figure out its scale and what it included. The company originally reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts.

Later in the month, Adobe said the attackers had accessed IDs and encrypted passwords for 38 million “active users.” But Krebs reported that a file posted just days earlier “appears to include more than 150 million username and hashed password pairs taken from Adobe.” After weeks of research, it eventually turned out that, in addition to the source code of several Adobe products, the hack had also exposed customer names, IDs, passwords and debit and credit card information.

In August 2015, an agreement called for Adobe to pay US$1.1 million in legal fees and an undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In November 2016, the amount paid to customers was reported at US$1 million.

