In the current data-driven world, a database breach can be a serious problem for any business or individual. With the increase in digital advancement, we have also seen an increase in data breaches. Data theft has become a major concern in recent years since a lot of criminals have been using it to extort exorbitant amounts of money. In fact, a lot of fortune 500 companies in particular have experienced database hacking and lost money in the last few years. Not only does the breach of database cost you money but also leads to compromising a lot of important data in the wrong hands. Database hacking is a problem that needs to be taken very seriously. If a business or individual fails to secure their database properly, it can be a bigger headache than you could ever imagine.
Let us take a look at some real life examples of data hacking incidents that gained a lot of media attention in the last few years. High profile hacks have become very commonplace but some incidents stand out amongst others. These were scarier with a much larger impact compared to the thousands of cyber attacks that happen every single day.
Data Breaches that Shocked the World
In August 2013, the Yahoo database was attacked and it impacted more than 3 billion accounts. The incident was only announced to the public three years after it happened and they initially only said that the user accounts exposed were about 1 billion. However, the real number was more than three times that. They were being acquired by Verizon at the time of the announcement and the attack forced them to close the deal at a very reduced price. There was another separate database attack in 2014 where 500 million accounts were affected. It compromised user phone numbers, email addresses, dates of birth, names and hashed passwords. This breach was not revealed till 2016 when the hackers started selling the data on the black market.
In June 2021, the data of more than 700 million LinkedIn users was posted on a dark web forum. This hack into their database affected almost 90% of their users. The hacker went by the moniker “God User” and had exploited the API of the site with data scraping techniques. LinkedIn had argued that no sensitive personal data was exposed so it was not a data breach but more of a terms of service violation. However, the hacker then posted a data sample where email addresses, genders, phone numbers and a lot more details were exposed. This meant that it was in fact a data breach that made the data of millions of users susceptible to being used for malicious or harmful purposes.
In April 2019, two datasets from Facebook were exposed that affected more than 533 million users. The information leaked included Facebook IDs, phone numbers and account names. In April 2021, all this data was posted for free and it indicated new criminal intent.
In October 2013, it was reported that hackers had gained access to the login data and credit card records of almost 3 million users. The estimated number of users was then reported to be 38 million after three days. However, further into the investigation, it showed that the data breach had affected almost 153 million users whose names, passwords, credit and debit card numbers were exposed. The company had to pay legal fees of an estimated $1.1 million and around $1million in compensation to the affected users.
Marriott International (Starwood)
In September 2018, Hotel Marriott International revealed that sensitive personal information of around 500 million of Starwood guests were hacked into. The investigation on the incident showed that guests’ names, phone numbers, mailing addresses, dates of birth, arrival and departure dates, passport numbers, communication preferences and gender were revealed. The hack had also compromised the details of credit card numbers with expiration dates of a lot of the guests. Marriott then announced that they would be phasing out Starwood systems and enhancing security for their network. The Information Commissioner’s Office fined them 18.4 million pounds for failing to secure their customers private data in 2020. The attack was attributed to a particular Chinese Intelligence group who seemed to be gathering data on US citizens through the guest database.
All of these are just a few examples to emphasize how important database security is and how costly it can be for a business if they fail to secure their database from hackers. Hackers can gain access to a person’s personal information and sell it on the dark web in seconds to make money. The data can then be used by criminals for all sorts of crimes such as identity theft or unauthorized bank transfers.
Database security is important because valuable information is stored in the database such as corporate data, financial data, customer data and more. If the database is hacked and your database stops working even for a few hours, it can cost more money than you can imagine. Not only does it result in financial losses, it also has a huge negative impact on the reputation of a business. This is why it is important to comply with data privacy and protection laws, and regulations. Some examples include Financial Services (GLBA), Sarbanes Oxley (SOX), Healthcare Services (HIPAA), Data Accountability and Trust Act (DATA), and more. But the point is, you need to be more concerned about database hacking because it can have a very big impact on the company and all its users in a lot of ways. Unfortunately, even the largest and most successful companies are not completely immune to hacking.
A database is a very critical part of the infrastructure of a business and hacking can have repercussions for both the company and its consumers. It could lead to aggravating circumstances at best and devastating results at worst.