The recent data breaches at health insurance giant Anthem and infidelity website Ashley Madison are, unfortunately, more commonplace than you may think.
“When you have a national brand, then it becomes major news,” says Yaron Samid, founder and chief executive of Billguard, a company that monitors your credit and debit cards for unwanted charges. “A lot of smaller merchants get breached all the time.”
A 2015 study by the Ponemon Institute and Symantec Corp. found that 47% of data breaches are caused by malicious or criminal attacks.
Here are 11 high-profile U.S. data breaches from the past several years.
Affected: 80 million patient and employee records, potentially exposing names, dates of birth, Social Security numbers, email addresses, employment information and income data.
Cost: The data breach could cost Anthem well over $100 million, according to ZDNet.com, with some estimating $8 to $16 billion.
What happened: In January 2015, health care giant Anthem learned of a cyberattack on its IT system that occurred over several weeks starting in December 2014. The stolen information may have included personal information, but the company does not believe credit card or banking information was compromised.
Affected: 33 million user accounts, including email addresses, first and last names and phone numbers.
Cost: The breach could cost the company an estimated $850 million, according to The New York Times.
What happened: In possibly the most publicized attack of the year, more than 30 million accounts on affair-site Ashley Madison, owned by Avid Life Media, were hacked and released to the public. The site claims that full credit card numbers were not taken.
Affected: 145 million customer accounts, including personal information.
Cost: Protection Group International estimates the breach will cost the company $200 million.
What happened: A cyberattack occurred between late February and early March, compromising customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. No financial information was taken, according to eBay.
Affected: Sensitive financial and personal information of 76 million households and 7 million small businesses.
Cost: Protection Group International estimates that it will cost the banking giant $1 billion, despite the bank spending $250 million annually on cybersecurity.
What happened: In summer 2014, a cyberattack against Chase compromised usernames, addresses, phone numbers and email addresses. There were no signs that account numbers, passwords, user IDs, dates of birth or Social Security numbers were taken.
Affected: 56 million credit card accounts and 53 million email addresses.
Cost: The data breach cost the company an estimated $80 million before insurance reimbursements, according to Protection Group International.
What happened: In September 2014, Home Depot revealed that hackers had gained access to the company’s computer network using stolen account information from a vendor doing business with the hardware giant.
Affected: Personal information of about 3,000 current and former employees.
Cost: Sony estimates the cyberattack will cost the company $35 million.
What happened: In November, Sony Pictures Entertainment was the target of a cyberattack that leaked internal documents, including embarrassing emails and the annual salaries of senior executives. The attack also compromised employee names, Social Security numbers, credit card information and bank account information.
Affected: About 5 million Tricare military beneficiaries.
Cost: $130 million (Ponemon Institute estimate)
What happened: Computer backup tapes with personal data on military service members were stolen from the car of an employee of Science Applications International Corp., a defense contractor for Tricare, the health care program for service members. Much of the data was not encrypted.
What happened:Citibank agreed to pay $55,000 to settle with Connecticut after the state’s attorney general’s office alleged that the company had a “known technical vulnerability” in its online banking system.
What happened: Heartland Payment Systems, a credit card processor, had its computer network compromised. The company suffered another smaller breach in May 2015 that affected 2,200 individuals’ personal information, which may have included Social Security numbers and bank account information.