The year 2017 won’t be the last year that’s remembered for producing a record number of data breaches. There’s a good chance the same story will be repeated for years to come. But what everyone can learn from the growing number of incidents is why greater breach prevention and detection is needed more now than ever.
To wrap up the year, we’ve gathered a list of major data breaches that made headlines in 2017, starting with the incident that will continue to make news long into 2018.
The Equifax breach impacted roughly 145 million Americans (AKA: Half the U.S. population), and involved the leaking of 209,000 credit card numbers and 182,000 documents with personal information. These cyber thieves also got away with social security numbers, and a slew of other vital personal information that’s used to open up fraudulent accounts and commit identity theft. Limited personal data was also stolen from some UK and Canada residents.
For banks and credit unions, the real threat lies in the hackers’ ability to open fraudulent accounts, new credit cards and even entire lines of credit. This creates an endless trail of credit card fraud that can exponentially impact the rate of which synthetic fraud (accounts created with a fictitious identity) can spread.
Uber faced plenty of backlash from it latest breach. To recap: Uber suffered a massive data breach in 2016 that impacted 57 million accounts and the names and driver's license numbers of 600,000 U.S. drivers. Uber has faced criticism since, including reports that the company reportedly paid a 20-year-old man to keep quiet about the details of the data breach. Uber reportedly paid hackers $100,000 ransom to delete the stolen personal data and never informed the media or the public about the incident.
Hilton Worldwide Holdings Inc. has found itself in hot water over two credit card data breaches that exposed more than 363,000 credit card numbers. The Attorneys General of New York and Vermont announced the decision earlier this week, which concluded that the hotel chain didn’t have sufficient data security to protect consumers from the breach. It was also concluded that the company waited too long to tell consumers about the breach that occurred in late 2014 and in the spring/summer of 2015
Hyatt Hotels Corp announced this week it discovered a breach in its payment card data that impacted 41 hotel locations worldwide between March 18, 2017 and July 2, 2017. This is the second breach of its type for the hotel chain in the past two years. This particular incident involved key payment card information from those manually entered or used at the front desk of the impacted locations.
The FDIC released a troubling report this week about the organization’s security, indicating that it’s faced a troubling number of breaches in a two-year-period. A new report from the Office of Inspector General suggests that the FDIC may have suffered more than 50 security breaches over a two-year period that could have compromised personal information for hundreds of thousands of U.S. citizens. The delayed response from the FDIC is generating some criticism.
Another day, another breach. That was the story Sonic Drive-In is the latest fast food chain to potentially be impacted by a payment card data breach. The chain has roughly 3,600 locations across the U.S. Reports indicate that the breach could have caused a massive sale on the dark web of millions of credit and debit card accounts, according to KrebsOnSecurity. The Sonic data breach has since spurred a class-action lawsuit.
Amazon’s grocery store faced some PR mess this year in the breach world. Whole Foods Market announced in September that it was investigating a potential data breach that could involve access to payment card data. It was eventually revealed that credit card data at up to 117 venues was confirmed stolen. This breach is believed to impact its table-service restaurants and taprooms that exist in a number of Whole Foods Stores and not the company’s main point-of-sale system used across the stores.
A U.S. judge ruled in the fall that Yahoo will face litigation in relation to a massive data breach that leaked personal data of more than 1 billion users. This breach occurred between 2013 and 2016, but Yahoo was slow to disclose the breach. Recent investigations of the attack then led Verizon Wireless to lower its purchase price of Yahoo, which was eventually purchased for $4.76 billion in June. More recently, the hacker related to the cybercrimes has pled guilty.
Anthem was involved in another major breach this year, following the company’s massive breach reported in January 2015 that impacted 78.8 million customer records. A report indicates that personal health data of more than 18,000 Medicare enrollees may have been leaked as part of the breach. This is the second major data breach for the health insurance company. The company agreed to a $115 million settlement last month, stemming from a 2015 data breach that involved the personal information of roughly 80 million people.
President Donald Trump makes headlines every day, but in July his namesake made news in the data breach world. Reports surfaced that 14 Trump Hotels were involved in credit card data breaches. This wasn’t the first of its kind for Trump properties, and the latest breach happened between August 2016 and March 2017, according to the company. The breach involved the Sabre Hospitality Solutions used to make reservations, and did not impact Trump Hotels’ systems.
This year added two more hotel breaches to the rapidly-growing list. Hard Rock Hotels and Casinos and Loews Hotels reported a data breach in July that linked to a third-party booking platform, SynXis through Sabre Hospitality Solutions. Reports indicate the hackers breached unencrypted payment card credentials of hotel guests, including names, card numbers, expiration dates and security codes.
Verizon made headlines this year in the breach world after reports surfaced that a security vulnerability led to the exposure of millions of Verizon customers’ personal data. It was not reported if credit card information was leaked in the breach, but Verizon indicated 6 million customers were impacted. Verizon also reported the data was only accessed by a researcher, but that was not confirmed by outside parties.
Chipotle couldn’t seem to catch a break in 2017. In a statement released earlier this year, the company reported its recent data breach impacted customers who used credit cards at most locations. While quite broad, this could potentially mean that all 2,291 locations across North America and Europe are impacted. Reports indicate that most locations were impacted by this breach. Following a series of troubling incidents, Chipotle also replaced its CEO.
You have fraud frustrations? We have the solutions. Let's discuss what you are dealing with and we can learn more and share how we can help.