The Facebook scandal and its ongoing fallout - most recently, a Senate hearing where Mark Zuckerberg, the company's CEO, apologized once more to Facebook users for the misuse of their data - is not the first of its kind. In fact, the digital era has been littered with data breaches. Here are some of the biggest data scandals we've seen this century so far.
Yahoo: 2013-2014 – Affecting 3 billion user accounts
This breach is at the top of the list, not just for the huge number of people impacted by the scandal, but also because of the disastrous handling and lack of transparency on the part of Yahoo. While this massive security breach actually occurred a couple of years earlier, the scandal didn't become public until September 2016, when the company entered negotiations to be bought out by Verizon. An attack in 2014, thought to be at the hands of a "state sponsored actor", exposed the personal details of 500 million users, including their names, emails, phone numbers and DOBs. This was far from the end of the story, however. In December of 2016, it came to light that a different hacker collective had attacked 1 billion accounts in 2013, which in addition to personal names, emails and numbers, also compromised passwords as well as security questions and answers. It took until 2017 for Yahoo to acknowledge that in fact 3 billion user accounts had been compromised in the 2013 attack.
Equifax: 2017 – Affecting 145.4 million customers
Equifax, one of America's largest credit bureaus, suffered a data breach last year as a result of an application vulnerability on one of the company's websites. The breach led to the exposure of a wealth of personal data on 143 million Americans, who never even had the choice to opt out or opt in to the company's credit reporting services. The data that was compromised included social security numbers, addresses, DOBs, driver's license data and in some cases, credit card information. Then, a full 6 months later, Equifax acknowledged that another 2.4 million users were actually affected, meaning that in all, data on over half of all Americans was compromised.
eBay: 2014 – Affecting 145 million users
In May 2014, eBay disclosed that it had been the victim of a cyber attack that had compromised the personal details of all 145 million users, including their names, addresses, DOBs and passwords. Hackers had used the credentials of 3 company employees to access eBay's user database and had free rein of the system for 7 and a half months. While they did not gain access to credit card details and other financial data, the hackers were able to get customers to change their passwords, unwittingly providing their new credentials. Here too, a lack of communication with users and a lax approach to security were in evidence. However, notably, the digital auction house bounced back with a boost in revenues the following quarter, barely feeling the impact - a far cry from the prolonged pressure Facebook is currently under.
Target: 2013 – Affecting 110 million customers
Target was hit by a hack in late 2013, which was not actually discovered for a number of weeks. The company announced that a hack had compromised credit and debit card information and contact information for approximately 40 million customers. However, in a now familiar turn of events, in January of the following year, the retail giant revised its estimate, stating that personally identifiable information, including names, emails, addresses and phone numbers of 70 million customers had also been exposed, raising the number affected to 110 million. The breach cost the company $162 million and the scandal led to the resignation of the store's CIO, followed closely by that of the CEO. While Target implemented a number of security improvements, the company has been widely criticized for the insufficiency of these measures.
Uber: 2016 – Affecting 57 million users and 600,000 drivers
Uber has had its fair share of scandal in recent years and the breach in 2016 was just one more instance of the company mishandling a crisis. Two hackers accessed personal details of 57 million users, including their names, emails and phone numbers, in addition to obtaining the driver's license numbers of 600,000 of the company's drivers. It then took a year for Uber to confess publicly to the breach. Then it became clear that the company had compounded one misstep with another, with the revelation that Uber had paid the hackers $100,000 to destroy the data, a payoff which they had labelled a "bug bounty" fee, with no means of confirming whether the stolen data was in fact destroyed.